Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The law section you linked to is concerned with PII, personally identifiable information. But what ISPs are most likely to sell is anonymized browsing data, i.e. when an advertiser goes to display an ad the ISP will tell them what other URLs you've been to but they won't tell the advertiser your name, address, social, etc.



Agreed, with the caveat that there are also restrictions requiring aggregation as well.


The only thing your link says about aggregate data is that PII is not aggregate data, meaning that aggregate data is exempt from these restrictions.


So, that's applicable to every instance except where being provided to the government (section h), and . It's somewhat circular in that regard. Combined with disclosure restrictions, specifically 2(c)(ii), the net result is that only aggregate disclosure is allowed unless specifically permitted by the end users.


My reading of it is that anonymized individual non-PII data, such as browsing history, is allowed to be sold.


You may be correct, now that I re-read it again. There may be something in a subsequent act that prevents non-aggregate data, but until/unless I find that, I'm working under the assumption that you are right and I am wrong, regarding aggregation.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: