Your browser is not supported. Please update it.

10 March 2016

Verizon fined by FCC – Are privacy laws too severe?

Verizon has been fined $1.35 million by the FCC this week for violating privacy laws. While this penalty is barely a drop in the ocean for the US operator, this is part of a wider problem facing not just operators, publishers, and content providers, but also the technology vendors that work with them.

The FCC deemed that Verizon’s ad targeting technology, or “supercookies”, had infringed its Open Internet Transparency Rule, as Verizon had been collecting customers’ data and sharing this with third parties without the consent of users, and with no option to opt out. Following the small fine, Verizon has now agreed to a three year FCC plan in which it is required to notify its customers about ad programs, and gain full consent before sharing this data with outside companies.

Data collected through methods such as Verizon’s ad targeting technology provides invaluable information about customer behavior which can be exploited for targeted advertising, as well as increasing total viewing through targeted content recommendations. In order to achieve this, operators will use one of the various analytics packages to provide broader customer insights than are available at present, from a combination of traditional panels and set top box return path data.

However, the issues here are that these methods of collecting personal data relate to individual users, not just households as a whole – this data is more specific, such as physical movements and daily routines, as well as viewing and browsing habits.

While the class-action law suits generally involve the big guns of the industry, behind closed doors it also affects the vendors of recommendation and personalization software, and one of those vendors is US company Iris.TV, which Faultline spoke to this week.

Iris.TV’s software works by collecting and analyzing video metadata, including titles, description, tags, category, and keywords, to determine the similarity of content. This is then paired with anonymously collected user behavior data (videos consumed, interactivity, geographic location, device type) to build a demographic consumption profile. It claims a 54% boost for viewing on web and mobile devices for its customers.

Iris.TV reiterates that its core focus is user privacy, and therefore spoke a lot about the legal and privacy barriers faced in the recommendation and personalization game, particularly in the US and UK – Iris.TV described UK regulations as “draconian”. While not much can be done about this, there is some small room for maneuver in anonymizing data, by replacing user names by identifiers or, if this is still in violation of the rulebook, accumulating users into small target groups – decreasing the likelihood of someone obtaining user identities if there was ever a data privacy leak.

Iris.TV says its technology differs from rivals because it’s cloud-based, and claims it is highly secure, and also suggested some competitors were unable to guarantee security of user data – but did not specify just how it makes its cloud based software more secure than others.

Latin America is an emerging market for many industries, including recommendation, and Iris.TV said it is currently working with partners to establish new metadata standards in the region.

Real-time personalization, using algorithms to scan live video feeds, also evokes privacy concerns – users of a live streaming app such as Periscope may feel violated if they know their feeds are being monitored. The technology could then be applied in all sorts of other ways as it becomes more sophisticated.

Companies invest heavily in protecting the content itself, as we’ve seen with the increasing adoption of multi-DRM security methods, but a lot of the analytics data itself is personal and subject to terms and conditions over privacy and so needs protecting just as much as the content, which can most conveniently be done by the same security systems.

Legal cases accusing companies of violating privacy laws have been won and lost over the years, suggesting that the use of data in the fields of personalization and recommendation, including targeted advertising, is still a gray area. Earlier this year, US publishing and financial information firm Dow Jones won a privacy lawsuit case in which a consumer accused the company of sending user data from its Roku app to analytics and video ad company mDialog. The allegations claimed that it transmitted information about content viewed along with the serial number of consumers’ Roku devices, but the judge dismissed the case on the grounds that the data supposedly sent to mDialog was not “personally identifiable”.

In April 2015, the US District Court for the Northern District of California granted Hulu’s request for a summary judgement regarding a complaint originally made against Hulu in 2011 for violating the Video Privacy Protection Act by sharing user information with Facebook. The court judged that Hulu didn’t “knowingly” share user data with the social media giant.

Going back even further to 2013, Netflix was fined $9 million for storing consumer viewing behavior records for two years, which violated the US Video Privacy Protection Law of 1988.

Furthermore, regarding the FCC’s decision to vote in favor of new set top leasing regulations, AT&T VP of Federal Regulatory, Stacy Fuller, made the point that because of this ruling, privacy rules could go out the window, and the emergence of advertising all over the programming could potentially wreck existing content deals. This was perhaps an over dramatization delivered in advance of the FCC rulemaking, but there is certainly some level of panic regarding who may, or may not, have access to analytics data if the set top market is thrown up in the air.

This is also true in the use of Google Widevine for content protection. Google will allow some “technically competent” security firms to run a Widevine server, but for other firms insists on running a cloud based Widevine server. This means that every time a license to content is served, it can be summarized by Google to recreate the viewing habits of individuals it has no business relationship with, without their knowledge.