Big news in Internet-land recently has been the revelation that ISPs are working with companies that do “deep-packed inspection” on Internet users’ traffic (see here and here). Basically, packet inspection allows you to see every bit of data sent to and from a particular user. You can see what sites they’re browsing, what searches they performed, pictures they downloaded, emails sent, passwords entered (if unencrypted), etc.

The idea is to use this information to better target ads to users. The companies involved claim they go to great lengths to anonymise any personal data, but I wonder to what extent that is possible with all the data flying by. In any case, the real issue seems to be whether or not users are being made aware that this is being done to them. Everyone should know that any unencrypted traffic you send or receive can be intercepted quite easily, especially by the ISP bottleneck through which all your data passes. But I guess most people’s general presumption is that this wouldn’t be done. There is also a security worry. There have been numerous cases of data breaches, where companies have accidentally revealed personal data of their customers and the like. In spite of best intentions, such things are always possible.

However, I’m not sure if regulation of privacy is needed here — maybe the market can adequately provide the level of privacy that people want. But for the market to work, people at least need to be informed. Perhaps some people would be happy to accept cheaper Internet access in return for being subject to deep packet inspection. Perhaps other people would prefer not. A regulation that specifies that users must be clearly told about the privacy status of their data might suffice.