As the Electronic Frontier Foundation has pointed out, there are also serious implications for security: If ISPs look to sell consumer data, “internet providers will need to record and store even more sensitive data on their customers, which will become a target for hackers.” Even if they anonymize your sensitive data before they sell it to advertisers, they need to collect it first—and these companies don’t exactly have a perfect track record in protecting consumer data. In 2015, for example, Comcast paid $33 million as part of a settlement for accidentally releasing information about users who had paid the company to keep their phone numbers unlisted, including domestic violence victims.
This is all made much more difficult for consumers by the dearth of broadband competition. More than half of Americans have either one or even no options for providers, so if you don’t like your ISP’s data collection policies, chances are you won’t be able to do much about it, and providers know that. It’s highly unlikely that providers, particularly the dominant companies, will choose to forego those sweet advertising dollars in order to secure their customers’ privacy, when they know those customers don’t have much choice. […]
All is not completely lost. Your ISP still has to allow you to opt out of having your data sold, so you can call them or go online to find out how to do that. (If you do that, let us know how it went.) But today’s news is devastating for privacy overall. Consumers could have had more control over their privacy; your data could have been safer. Things could have been better, if Congress had done what it usually does and done nothing. Instead, they made things worse for anyone who doesn’t run an internet company or an advertising agency.