Working Paper: Online Privacy and ISPs

This Working Paper provides a detailed, factual description of today’s online ecosystem for the United States, with attention to user privacy and the data collected about individual users. The Working Paper addresses a widely-held, but mistaken view about Internet Service Providers (ISPs) and privacy. That view asserts that ISPs have comprehensive and unique access to, and knowledge about, users’ online activity because ISPs operate the last mile of the network connecting end users to the Internet. Some have cited this view to suggest that ISPs' collection and use of their customers’ online data may justify heightened privacy restrictions on ISPs. This Working Paper takes no position on what rules should apply to ISPs and other players in the Internet ecosystem going forward. But public policy should be consistent and based on an up-to-date and accurate understanding of the facts of this ecosystem.

The Working Paper addresses two fundamental points. First, ISP access to user data is not comprehensive – technological developments place substantial limits on ISPs’ visibility. Second, ISP access to user data is not unique – other companies often have access to more information and a wider range of user information than ISPs. In summary, based on a factual analysis of today’s Internet ecosystem in the United States, ISPs have neither comprehensive nor unique access to information about users’ online activity. Rather, the most commercially valuable information about online users, which can be used for targeted advertising and other purposes, is coming from other contexts. Market leaders are combining these contexts for insight into a wide range of activity on each device and across devices.