T-Mobile will sell your web-usage data to advertisers unless you opt out

The logo of Deutsche Telekom, owner of T-Mobile, seen over a booth at the Mobile World Congress expo hall.

Enlarge / The logo of Deutsche Telekom, owner of T-Mobile, seen at Mobile World Congress in February 2019 in Barcelona, Spain.
Getty Images | NurPhoto

reader comments

55 with 49 posters participating

T-Mobile next month will start a new program that gives customers’ web-browsing and device-usage data to advertisers unless customers opt out of the data sharing.

“[S]tarting April 26, 2021, T‑Mobile will begin a new program that uses some data we have about you, including information we learn from your web and device usage data (like the apps installed on your device) and interactions with our products and services for our own and 3rd party advertising, unless you tell us not to,” T-Mobile said in a privacy notice. “When we share this information with third parties, it is not tied to your name or information that directly identifies you.”

For directions on how to opt out of the expanded data sharing, see the first section of the T-Mobile privacy notice. There’s also an opt-out link here.

T-Mobile, which completed its purchase of Sprint in April 2020, said that the new advertising “program changes the way Sprint offered choices for sharing in the past, as this data was previously used only if you indicated that it was OK with you first.”

It’s not clear exactly how big a change this is for non-Sprint customers of T-Mobile. An August 2020 version of the privacy policy said that T-Mobile collects “websites and URLs visited” but did not list smartphone customers’ web-browsing data in the list of information shared with third parties. However, that August 2020 version said that T-Mobile sold “device identifiers and Internet and electronic network activity to facilitate certain advertising activities commonly deployed by online and technology companies.” A similar disclosure was in T-Mobile’s privacy policy before the Sprint acquisition as well.

T-Mobile says in another webpage describing its advertising and analytics program that it collects “addresses of websites visited; types of websites visited, like sports sites, music sites, etc.; applications, content, and features used—including how much time you spent using them, and information from servers that host these apps, content, and features.”

article on the T-Mobile changes today.

“It’s hard to say with a straight face, ‘We’re not going to share your name with it,'” Electronic Frontier Foundation lawyer Aaron Mackey told the Journal. “This type of data is very personal and revealing, and it’s trivial to link that de-identified info back to you.”

Before the merger with T-Mobile, “Sprint had previously shared similar data only from customers who opted into its third-party ad program,” the Journal wrote. “We’ve heard many say they prefer more relevant ads so we’re defaulting to this [opt-out] setting,” a T-Mobile spokesperson told the Journal.

We asked T-Mobile several questions about the data-sharing changes and for details on how exactly it ensures that data can’t be linked to individual customers, and we’ll update this article if we get a response.

Update at 9:37pm ET: In response to our question about what data is being shared, a T-Mobile spokesperson told us, “We only share Advertising IDs, which are pooled to create audience segments based on customer interests, like sports or entertainment. We do not share underlying customer broadband or device usage data with third parties.”

However, T-Mobile’s privacy policy indicates that each “Advertising ID” is tied to one device. T-Mobile didn’t provide much of an explanation on how it makes sure each Advertising ID cannot be tied to an individual customer, saying only that “We do not utilize information for advertising that directly identifies customers, like name, address, email or precise location information.”

this webpage that “We don’t share information about your individual web browsing or TV viewing” in its “relevant advertising” system, but offers an “enhanced relevant advertising” system that shares additional information only with customers’ “prior explicit consent.”

Verizon says on a relevant mobile advertising FAQ that “Information Verizon Wireless has about web activity from your mobile device is not used in the program.” The program does use “mobile and online web browsing information” collected by Verizon’s Yahoo and AOL subsidiaries, but this apparently wouldn’t cover browsing to non-Verizon websites. Customers can opt out of this targeted advertising program.

In 2016, Verizon agreed to pay a $1.35 million fine and give users more control over “supercookies” that identify customers in order to deliver targeted ads. Verizon’s previous use of the supercookies without properly notifying users violated an FCC rule that required Internet providers to disclose accurate information about network management practices to consumers.

Carriers sold location data without consent

T-Mobile and the other major carriers were previously caught selling their customers’ real-time location data to third-party data brokers without customer consent, violating a law banning sales of phone-location data. The Federal Communications Commission in February 2020 proposed a fine of $91 million for T-Mobile, the biggest for any of the major carriers, but T-Mobile said it would fight the penalty.

The Obama-era FCC tried to require home-Internet and mobile broadband providers to get consumers’ opt-in consent before using, sharing, or selling web-browsing and app-usage histories, but a Republican-controlled Congress and then-President Trump killed the rule in 2017 before it took effect.

Article Categories: