Whether the nullification of Obama-era rules regarding internet service providers is an unconscionable blow to privacy or merely a leveling of the playing field with web-based companies, one thing is for certain – when it comes to protecting your personal information online, you are on your own.

With an ever-increasing amount of our lives being lived online, that’s not good enough, and if the federal government isn’t going to do it, then it is up to the states to hand some of the responsibility to the companies now awash in so much of our personal data.

Last month, the Republican-led Congress voted largely along party lines to repeal the rules, which would have required internet service providers like Verizon and Time Warner to get express consent before selling customer data.

Opponents of the rules, which had yet to go into effect, say they put ISPs at a disadvantage against web-based companies like Facebook and Google, which have no such restrictions on selling user data, and that the rules would have given customers the false sense that all data put online was safe from third-party use.

EXPECT MORE MINING OF PERSONAL DATA

Whatever the case, the immediate impact of the repeal is small; the major ISPs have all pledged to refrain from selling customer data.

But that can change. The ISPs have been operating under the assumption that the rules would be in place, and must now shift gears. Once they figure out how to monetize the data without losing customers, it’s hard to imagine they won’t capitalize on the multibillion-dollar-a-year online advertising industry, putting your browsing history, geo-location data and app usage up for sale in some way.

That alone shouldn’t alarm anyone familiar with how the internet works – it’s basically what Facebook and Google do all the time.

But the mining of personal data will only get more sophisticated from here. It is far easier for a billion-dollar company to exploit that data than it is for the average person to stop sharing it.

And when companies decide to exploit your data, they will find little legal resistance.

Because of the way Congress repealed the rules, the Federal Communications Commission cannot propose them again. There is some talk of moving oversight back to the Federal Trade Commission, which oversees web-based companies, but no action so far.

“There are no rules here now,” lawyer Peter Guffin, who heads Pierce Atwood’s privacy and data security practice, told the Press Herald. “There’s a complete vacuum in terms of when an ISP can see into the contents of our communications, what it can do with those contents, and even whether it has to tell us if this data has been hacked.”

INDIVIDUAL STATES NEED TO STEP UP

If anything’s going to be done, it will have to be at the state level. Multiple states are considering bills that mirror the repealed rules. A bill in Massachusetts, for instance, would bar ISPs from collecting, using or disclosing customer information without written consent, and prevent them from charging more or refusing service to customers who refuse to consent. Maine should consider similar legislation.

States should also consider a broader internet user “bill of rights” that would provide universal protection of private information, regardless of the company or industry.

The federal action also highlights the need for competition among service providers. The industry is increasingly ruled by a few huge companies that have little or no obligation to individual customers.

Smaller, local companies – even municipal-based service providers – won’t find it so easy to put shareholders above customer rights.

filed under: