When you’re shopping for a VPN or otherwise looking into your privacy, you’ll quickly run into claims that your internet service provider is collecting your data and selling it. Is that even true, though? What are the rules that govern what ISPs can and cannot do with your data?
In fact, around the world, it’s often illegal for ISPs to gather data and sell it to third parties. For example, Canada doesn’t allow it, nor does Australia.
In the United States, however, things are very different. ISPs have been allowed to sell customer data to third parties since 2017, when Congress passed a resolution to eliminate FCC privacy rules that would have banned the practice. Where before an ISP needed to ask you before putting your personal data and browsing history on the market, with the stroke of a pen, this need for permission was revoked.
Instead, ISPs are required to provide customers with an opt-out clause, which usually takes the form of a page on the ISP’s website, where users need to make clear that they don’t want their data sold. The default setting, so to speak, is yes.
The uproar over this change was massive in the media, and VPNs (and VPN review sites) hawked their wares as the best way to respond to this new, intrusive legislation. In response, however, ISPs were quick to pledge not to sell customer data, and enshrined those promises in their privacy policies.Advertisement
After all, just having the right to do something doesn’t mean that you’ll do it, right?
A tour of the privacy policies of all the major ISPs in the United States shows that all of them promise not to sell your data. However, some of the language used does stand out a little. For example, Comcast Xfinity promises not to sell information that identifies you. While that could just be the legal department hedging its bets, it’s not quite the same as promising not to sell data.
In 2019, likely worried about the many reports it was getting about data sales and other privacy violations by the large ISPs, the Federal Trade Commission decided to open an investigation into these practices. It sent out orders to Comcast, T-Mobile, Google Fiber, AT&T, and Verizon as well as the mobile arms of some of these companies.
We reached out to a few of the ISPs that received orders as well as those that confirmed that they had complied with the FTC order. However, the FTC itself told us in an email that it is still looking into the matter. The investigation hasn’t yet resulted in anything.
If you’re worried about ISPs accessing and selling your data and you’re not in the U.S., chances are that you don’t have to be—although you might want to search the web for information about the laws and practices in your specific country. If, however, you’re in the United States, then you may want to keep an eye out.Advertisement
Until Congress can be persuaded to change this, all that you can do is sign up to a virtual private network and prevent data from being collected by your internet service provider. However, a VPN isn’t a magic bullet: Despite what many VPN providers will tell you, you’ll also need to use incognito mode more often.
In short, a VPN lets you reroute your internet connection to its own servers, which are shielded from your ISP’s gaze (read our article on how VPNs work). Using one means that your ISP can see that you’re connecting to a VPN, but not what you’re accessing through the VPN. This means that, theoretically at least, your browsing is private and there’s no information for your ISP to profit off of.
If that sounds good to you, then check out ExpressVPN, our favorite VPN service—although, if you want lasting change, we recommend that you give your representative in DC a call or an email.Our Favorite VPN
A VPN prevents your internet service provider from even seeing your browsing traffic. (The VPN can see it instead.) We’ve trusted ExpressVPN for years.Download It Now