AT&T making it even harder for you to protect your privacy

An AT&T store in New York's Times Square. AT&T has created a challenging process for opting out of marketing ptiches from the company and its partners.
(Richard Drew / Associated Press)

In completing his company’s $49-billion acquisition of DirecTV last month, AT&T Chief Executive Randall Stephenson said it was “all about giving customers more choices.”

He meant entertainment and service choices, but he could just as easily have been referring to the myriad of decisions customers will encounter if they seek to protect their privacy.

Instead of using the DirecTV deal as an opportunity to simplify its privacy policy, AT&T has created a more challenging process for opting out of marketing pitches from the company and its partners and for escaping AT&T’s watchful gaze as you traverse the Internet.


This is a problem at all telecom companies. As the tentacles of these gargantuan firms extend ever further, safeguarding what little privacy you may enjoy becomes an increasingly complicated task.

Deirdre Mulligan, an associate professor at UC Berkeley’s School of Information, said telecom companies seem to have made it deliberately tough for customers to opt out of marketing schemes and having their personal data shared.

“There’s a desire among these companies to protect as much opportunity as they have to market to people,” she said. “They know that how complicated a privacy policy is, how it’s presented, can create barriers to opting out.”

Goleta resident Bruce Wilson said he was “extremely disappointed” after being notified recently by AT&T about its latest privacy policy.

“I’m one of those people who has all sorts of security programs on his computer,” he told me. “I’m always removing cookies so companies can’t track me.”

SIGN UP for the free California Inc. business newsletter >>


AT&T, he said, appears determined to thwart such efforts.

Like many tech and telecom companies, AT&T is equipped to monitor your online behavior and to target you with ads it thinks you might be interested in.

If you don’t want the company doing this, according to the privacy policy, you have to go to an AT&T Web page and opt out individually from 21 separate online ad companies.

The policy also says you have to do this “on each computer browser you wish to exclude.” So if you use both Firefox and Internet Explorer, say, or if you go online with multiple devices — and who doesn’t? — you’ll have to repeat this process over and over.

But wait. If any of those devices are mobile, as opposed to your desktop computer, you’ll need to opt out from a different AT&T site.

DirecTV subscribers have the ability to opt out of having their viewing habits influence the ads they see. But they have to go to yet another AT&T site to do this.

AT&T says customers can opt out of “online behavioral advertising from other companies who have joined an association called the Network Advertising Initiative,” which is a trade group for online advertisers.

But — you guessed it — that means going to another site.

And as if all that weren’t frustrating enough, AT&T’s privacy policy finally gets around to revealing that if you clear the cookies from any browser or device, you could be back at square one.

Cookies are bits of code that help companies and websites identify you. They can be helpful if you visit the same site frequently. But they also enable businesses to peek over your shoulder as you go about your digital activities.

For that reason, privacy experts recommend clearing out the cookies from your browser from time to time. The tech site Digital Trends has easy-to-follow instructions for going cookie-free.

AT&T, however, says that if you clear out any cookies, “you’ll need to perform the opt-out procedure again” because the company will forget your privacy preference for that particular browser or device.

Georgia Taylor, an AT&T spokeswoman, defended the company’s opt-out procedures as being “consistent with industry practice.” And that’s true.

Verizon Communications’ privacy policy also requires customers to jump through hoops to opt out of data sharing across all platforms.

To the company’s credit, though, its policy does a better job of explaining how customer information is used and placing all the opt-out links in proximity to one another.

AT&T’s Taylor said that “as technology evolves along with industry best practices,” all companies “will work hard to make things easier for our customers.”

To which I say: Why wait?

Interested in the stories shaping California? Sign up for the free Essential California newsletter >>

Best practices notwithstanding, companies don’t have to rely on cookies to store people’s privacy preferences. They can instead employ what are known as stable IDs that identify you across multiple browsers and devices.

They also don’t have to opt people into data-sharing programs automatically. Instead, the default should be that no data sharing or tracking is allowed without people’s permission.

But if opt-outs are to remain the industry standard, they should be as streamlined as possible, with a single privacy preference covering all interactions. It should be the company’s responsibility, not the consumer’s, to apply that preference across every platform.

“The letter of the law may allow them to do things as they are now,” said Jill Bronfman, director of the Privacy and Technology Project at UC Hastings College of the Law. “But the spirit of the law is that they need to offer consumer-friendly privacy options.”

Seems clear that when the telecom industry speaks of “best practices,” it means best for them, not you.

David Lazarus’ column runs Tuesdays and Fridays. he also can be seen daily on KTLA-TV Channel 5 and followed on Twitter @Davidlaz. Send your tips or feedback to


Getting out of an unwanted timeshare deal

Columbia House — 12 albums for a penny! — files for bankruptcy

Millionaire CEOs should support a living wage for fast-food workers