News: A Rundown of the Privacy Policies for Major Mobile Carriers & ISPs

A Rundown of the Privacy Policies for Major Mobile Carriers & ISPs

Most of us skip through documents like privacy policies and EULAs (end-user license agreements) because they're long and boring. But, as Congress just passed the SJR34 bill in early April, you're probably a little concerned about your personal data, so we summarized the privacy policies for major ISPs and mobile carriers in the US.

All providers create lengthy terms of service documents, explaining in great detail conditions for using their networks. Within these documents, there's always some form of disclosure about what kind of data is retained and how it is used. Below, we've summarized the privacy portion for each major ISP and mobile carrier, and included other pertinent information where applicable.

Mobile Carriers

Although some carriers also provide wired internet, the mobile component of these businesses is slightly different. You will see that all providers collect and share information, though each makes an effort to protect sensitive customer proprietary network information (CPNI). In addition to that, most carriers do their best to separate personally identifiable information (PII) from non-personally identifiable information (non-PII) when sharing any data with third parties.

In the first section of this guide, we'll take a look at the privacy policies for the five largest cellular providers in the US.

Image by Nick Epson/Gadget Hacks

Note: "Third Parties" excludes entities that work directly with the service provider to bring you services, such as installation technicians and credit check companies. When complying with legal investigations, service providers must first be served a subpoena or warrant before releasing data to the authorities.

AT&T

AT&T has a long history dating back to the invention of the telephone itself, as the company was founded by Alexander Graham Bell. But despite nearly 140 years of doing business, their privacy policy is still quite modern and straightforward.

The personal information you provide to AT&T during signup is used to create a customer profile and is shared internally with other AT&T-branded companies — though, it is sometimes securely transmitted to businesses who perform services for the company, such as their billing company. Personal information and interests you've expressed while using their services are used to deliver relevant advertising, but only non-PII is sent to third parties.

Whether using AT&T's home or mobile internet, anonymous data is collected from places visited when browsing, and some elements related to app usage are retained. Though it is not possible to opt out of first-party advertising (meaning the ads you see when using an AT&T site or app), opting out of most third-party sharing can be accomplished here. AT&T makes it a point to inform customers in the privacy policy that personal information is never sold for any reason and is only kept for as long it's needed after ending service.

Sprint

Sprint's origins can be traced all the way back to 1899 when it was known as Brown Telephone Company. Since that time, the company has seen several changes, as it evolved into the nation's fourth largest mobile carrier.

The information you willingly provide to Sprint is used to create and maintain an account. Personal information is used to process orders, respond to legal matters, and aggregate with others' usage to improve the network and deliver you content while using a Sprint-owned app or while visiting their site. Sprint does not share any PII outside of their internal network, which includes affiliates Adobe and LiveRamp.

Sprint's third-party advertising associates will retain information by default when you hold an account with the company. As such, opting out of anonymous data sharing from these services is an important first step, and once completed, logging into your account and navigating to privacy settings, then turning off sharing will de-authorize Sprint from sharing most information with advertising affiliates. The company does not identify what happens to data once a contract is ended.

T-Mobile

In the '90s, Deutsche Telekom, a German provider, purchased a smaller US carrier named VoiceStream and rebranded the service as T-Mobile. Since then, T-Mobile has gained some independence from its German parent company, as Deutsche Telekom is now merely a majority shareholder, and T-Mobile makes its home in Bellevue, Washington.

When using an official T-Mobile-branded app, information about your device is logged in the system. When browsing the web or using third-party apps while using the service, some data is collected, and anonymous portions, such as cookies, are shared with third-party companies. If in a T-Mobile store with a device registered to the account, information will be retained to log movement and wait times.

Compared to other providers that utilize a form to stop the sharing of information, the tools available from T-Mobile are slightly different. Though a simple opt out form is available directly through T-Mobile, a third-party advertising company, known as the Digital Advertising Alliance, is referenced for opting out of additional information sharing — this is something that other companies likely utilize, but don't usually disclose. After canceling service, T-Mobile retains personal information only as long as necessary for tax purposes or for pending legal matters.

US Cellular

US Cellular was formed in 1983 by a Chicago-based telecommunications company called TDS. The TDS family still holds a majority stake in US Cellular, which has carved out a niche for itself as a regional carrier in the Midwest and Pacific Northwest, and now ranks as the nation's fifth-largest mobile provider.

Setting up an account with US Cellular requires furnishing the company with a variety of personal information that is used to create an electronic record. The confidential personal information you provide the company is only used within the company and shared with outside parties in a couple of scenarios, which include checking your credit and seeing if your account with the company should go into collections.

Personal information is not sold to third parties, though some affiliates will have access to anonymous information collected on US Cellular's monitoring systems. The company makes mention that location is not shared in a personally identifiable manner. US Cellular urges that customers check privacy policies for different applications, as these apps' privacy policies dictate how is information collected and used. They do state that information is deleted after it no longer useful once service is canceled.

Unlike most providers, US Cellular does not provide a web-based form to opt out of sharing with third parties. Instead, they request you call 1-800-509-625 to opt out.

Verizon

Verizon Communications, which owns the Verizon Wireless company, traces its roots to Bell Atlantic, one of the "Baby Bells" created when AT&T was deregulated after an antitrust suit that began in the 1970s. Despite these ties, it operates as a wholly separate entity from AT&T and has even surpassed Ma Bell to become the largest mobile carrier in the US.

To set up an account with Verizon, you will need to disclose several pieces of personal information to the company. Governing policies for data retention and sharing outlined in the privacy policy will apply to all brands of Verizon service, including the wireless service, FiOS, and AOL. The data retained while using the network is cataloged when using Verizon-branded apps on your device. To quote Verizon:

Information is collected about your device and your visit including ... IP address; mobile telephone, device numbers and identifiers; account information; web addresses of the sites you come from and go to next; and information about your connection, including your device's browser, operating system, platform type and Internet connection speed.

Third-party affiliates will receive limited information, such as cookies, which are non-PII. Should you use social media to create an account or log in to a Verizon service, it will collect basic profile information, as well as things you've liked and your friend list, which is used for first-party advertising.

Data collected and sharing options for your CPNI is done for what Verizon considers "Business & Marketing Insights" and "Relevant Mobile Advertising." All three options may be toggled off to disallow sharing for each individual device registered to the network by following this link and logging into your profile. Verizon promises not to sell your PII, though it does not mention what happens to this data after terminating an account.

Internet Service Providers

Companies that provide internet service to your home or business are referred to as internet service providers (ISPs). Like mobile carriers, all ISPs collect some form of information about your internet usage. Generally, this data is safeguarded within the organization, but some anonymized data is shared with third parties. Check out the charts and summaries below for an outline of key points made by each company within their respective privacy policy.

Image by Nick Epson/Gadget Hacks

Note: "Third Parties" excludes entities that work directly with the service provider to bring you services, such as installation technicians and credit check companies. When complying with legal investigations, service providers must first be served a subpoena or warrant before releasing data to the authorities.

CenturyLink

CenturyLink started out as the Oak Ridge Telephone Company back in 1930. It has since acquired a number of smaller telcos and grown to become the fourth largest telecommunications provider in the US, and the company also provides residential and business internet service.

During account activation, CenturyLink collects several pieces of PII used for identification and billing purposes. This information is shared with vendors and employees, though a training program is in place for both external and internal individuals on how to protect this information. CenturyLink does admit to limited scanning of content during certain unsecured transmissions, such as file downloads, but this information is not shared. Personal information is sometimes shared with third parties so long as the receiving company retains this information securely.

One unique portion to the CenturyLink privacy policy is that no mention is made regarding limits on the collection of data from children using the service. Instead, the company urges parents to pay attention to how their child uses the web. The only time the company limits collection is when a child visits the website.

Consent to sharing of anonymous data with third parties is compulsory when initiating a service contract. Unlike other ISPs, CenturyLink does not offer a first-party tool for opting out. Instead, the website will direct you to opt out via the Network Advertising Initiative. The company also suggests you manually turn off sharing for the individual sites you visit.

Charter (Spectrum)

Charter Communications, who recently purchased Time Warner, markets its broadband internet service under the moniker "Spectrum." When it comes to privacy, both its residential and commercial services collect and distribute information in the same manner.

Upon initiating service, Charter collects both personally identifiable information and non-personally identifiable information for your account. This is used by the company to properly deliver content to you. The company also shares information with third parties by default, including PII.

Charter will also share anonymous information to third parties for audience measurement data. In some cases, information may be disclosed to authorities to comply with legal investigations. You can opt out of most information sharing by following this link. It is uncertain what, if anything, Charter does with information after cancelling service.

Comcast (Xfinity)

As the nations largest cable TV and internet provider, Comcast has expanded into other ventures in the pursuit of vertical integration. The company also owns the NBCUniversal network and recently purchased Dreamworks Animation, so it has a complicated corporate structure, but the privacy policy for its Xfinity internet service is fairly simple.

When you set up an account with Xfinity or Comcast, you will disclose a variety of personal information, including a social security number and credit card or bank account for billing. While using the service, the company will track both PII and non-PII information related to your browsing habits.

The only third parties who see any of this data are affiliate companies working with Comcast Web Services, and only to the extent of what's needed for these services to function. With that said, not all companies in this realm observe the same policies, although the data shared is supposedly minimal.

Upon beginning service, your information is fair game, per the privacy policy. Like other ISPs, you have the option to opt out of sharing with third parties beyond any additional Comcast services you may use, such as Plaxo. When you opt out, it does not preclude you from seeing ads, it just removes personally tailored ads based on information collected about your usage. Xfinity makes no mention of what happens to your data once you are no longer a customer.

Cox Communications

Cox Enterprises was founded in 1898 in Dayton, Ohio by schoolteacher James M. Cox, who went on to become the state's first three-term governor. After much success in the media industry, Cox Enterprises began offering telecommunications services in 1993 and continues to do so today under the subsidiary brand Cox Communications.

Upon establishing an account with Cox, you will be required to disclose several PII items including a driver's license number. Other times, the company will collect information through optional surveys, whether by phone or online, at which point the company divulges plans for utilizing the information. The information willingly furnished to Cox is only shared with the company, and when necessary, to vendors and affiliates.

While connected to the service, a log is kept with information such as location, device type, MAC address, volume of data, and duration, and this information is used internally to better tailor services. However, only non-PII information is shared with third parties. If you are a customer that would like to opt out, you can use this link. Cox does admit to automatically blocking traffic on certain ports, which are considered notorious for transmitting spam and downloading malware. When personal information is no longer needed, the company will destroy it.

Frontier Communications

Frontier operated as Citizens Utilities Company from 1935 up until the year 2000, then briefly changed its name to Citizens Communications Company for eight years, before finally being rebranded with its current name. From their roots of providing service to rural areas, Frontier has now expanded into several major cities, including Los Angeles (where they acquired Verizon's FiOS business) and Seattle.

Personal information you disclose to Frontier is used by the company for the sake of providing service, but it is mostly limited to Frontier's internal use. The company does share some personal information to third parties who perform services on the behalf of Frontier, such as DISH, if this package is part of your account. Anonymous, non-PII data is shared with other third-party companies for audience measurement purposes.

At the time you sign up for service, you are automatically opted into sharing non-PII information with third parties. Frontier makes mention that it employs "reasonable technical, administrative, and physical safeguards to protect against unauthorized access" for information, but does not offer any guarantee about safety. Much like other ISPs, the option to opt out of allowing the company to share your information is available by following the link and entering your information. What happens to personal and anonymous information after terminating service is not addressed in their privacy policy.

Time Warner

Time Warner also operates under the Bright House Network brand, or sells Spectrum-branded internet access in some regions, as the company has merged with Charter. Eventually, Charter plans to phase out the Time Warner brand entirely, but for now, it still maintains separate privacy policies.

All brands of Time Warner's internet service collect information about your usage as you browse the web. The company uses your personally identifiable information solely for the sake of contacting you when you're a subscriber, and will not share any PII with non-affiliated third parties unless you explicitly consent. Their privacy policy also mentions that the company will store your information when you visit their site, which is typical of just about any website.

You will need to consent to non-PII sharing when initially signing up for service, though, you can use this link to opt out. When an account is terminated, Time Warner retains records until information is no longer needed for business purposes (i.e., tax or legal purposes), at which point it's destroyed or anonymized.

Conclusion

If you read through all the provider summaries above, you probably noticed that they're all virtually the same. This holds true for the full policies as well.

Providers don't want you to be afraid that personal information may be in jeopardy. With several companies now stepping forward and promising not to sell personal information, as well as revising the content of their privacy policies, everyone should eventually follow suit. In the end, your personal information and browsing history should not be any more or less for sale, even though the SJR34 bill has passed.

If you don't see your provider on the list above (there are too many to go through), make sure to check out their privacy policy in depth to make sure your information isn't falling into the wrong hands—and to see how to opt out of data collection.

Cover image via edar/Pixabay
Screenshots by Nick Epson/Gadget Hacks

Be the First to Comment

Share Your Thoughts

  • Hot
  • Latest