Is your ISP selling your clickstream data?

David Cancel, the CEO of Compete Inc revealed at the Open Data 2007 conference that (some) ISPs are selling so called clickstream data of their users to marketing companies like Compete Inc. Clickstream data refers to the sequence of websites visited including the time that the sites were viewed. This is however not all the information that the companies get access to when they purchase the data from Internet Service Providers.

While they do not get access to your real name, all clicks on links that you make while connected to the Internet are made available to them. These clicks are linked to anonymized user accounts, e.g. user1, user2, so that they can be linked to accounts right away.A look back in history reveals that removing personally identifiable information from data may not be enough to prevent the identification of users. The AOL data release has shown that information can be used to identify specific users even if the data is anonymized.A simply example is if a user visits a a particular Facebook page, or a private website. By combining the information, marketers may be able to identify users.

The exact nature of the data that is being sold to the marketing companies is not known. Experts estimate that ISPs receive about $0.40 per month per user which totals to $4.80 per year per user.

An ISP with 10000 users would gain $48000 per year for the data that they sell. Enough money to forget about the privacy rights of their customers. The question remains: how can you find out if your ISP is selling clickstream data?

You can try and call them and ask them directly but the guys from the hotline probably do not even know what clickstream data is. A better way would be to call a representative or the official data protection officer.

The only possible way to counter this would be to use encryption, specifically encrypted vpns that make it impossible for the ISP to log what their users are doing.

Advertisement