Opinions expressed in this piece are solely those of the author and do not represent the views of SNL Kagan.
Digital providers and social networks may know more about us than we know about ourselves via the data they collect on all of our online and mobile browsing, consuming and social interactions. Yet their policies on handling and securing our user information remains opaque.
A lack of meaningful transparency by digital providers is one of the key findings in a new report by the New America's Open Technology Institute. "The 2017 Corporate Accountability Index" evaluates and scores 22 digital providers around the globe on their policies and practices that affect users' privacy rights.
The selected companies are meant to be a representative sample of broadband and telecom internet service providers; edge providers such as digital content aggregator Google; major technology platforms like Apple Inc.; and social media networks such as Facebook Inc. In aggregate, they serve at least half the world's estimated 3.7 billion internet users.
The index measured 18 privacy attributes ranging from security and data sharing with third parties to clarity in disclosing privacy protocols. Scoring was based on 100 points for full disclosure of each attribute and 50 points for partial disclosure. No points were awarded for lack of disclosures or meaningless disclosures.
Google ranked highest among U.S. firms while AT&T Inc. ranked lowest. Still, the seven U.S.-based providers averaged a 54 score, which beat the other 15 providers in the study. Most of the 15 non-U.S. providers ranked well below the U.S. average.
The rankings come just as the U.S. Congress is looking to overturn the FCC's newly enacted broadband privacy rules adopted by the Obama administration. The politically charged rollback effort argues that broadband cable and telecom providers would be at a competitive disadvantage to edge providers and social media networks, which freely market our user information.
Tech experts, meanwhile, seem to have diverging opinions about how much personal data is really revealed by your consuming behavior. Fortune Data Sheet tech reporter Robert Hackett argues that half of internet traffic is encrypted with HTTPS protocols which prevents "snoops, spies or ISPs" from gaining much valuable insight into what you are doing other than your web destination.
Other digital privacy experts insist that cybersecurity is at risk when privacy safeguards are ignored by regulators, providers and data brokers. One recent academic paper found that 54% of connections that were intercepted, decrypted and re-encrypted to allow for a tracking cookie or targeted ad insertion ended up with a weaker encryption.
If politicians seem at odds over how to best regulate big data, consumers appear to be both baffled and overwhelmed by the privacy policies of the digital providers, platforms and networks they frequent.
According to a 2014 report by Pew Research, half of online America thinks a privacy statement protects the confidentiality of their personal and user information because the online statement says "privacy" in the heading. Pew also notes that a majority of users find policy statements so confusing and "unreadable" that they simply do not bother reading them.
A 2015 survey found that more than 30% of social network users have never read a Terms of Service agreement and 37% say it takes too long to read them. But before we scold them for being lazy, consider the following stats from a 2008 research report about privacy agreements:
The average length is 2,514 words which takes about 10 minutes to read. OK—not a problem. Except, you may encounter 1,462 privacy statements in a year, which would take you 76 work days to read. The aggregate number of hours in the U.S. to get through them all is 53.8 billion and the lost productivity cost of reading all those endless statements would total $781 billion (and those were 2008 dollars).
I expect the debate about privacy will rage on regardless of what the politicians do about it as there is a lot of anxiety in play about how our personal data is used or abused, not to mention the economics at stake. Nobody seems to know just how big the data reselling business is — I have seen estimates from $136 billion to $300 billion annually.
Whatever the number is, it stands to reason that your internet service provider would like a piece of the action.