Who’s Watching You?


In a landmark decision last week, the Federal Communications Commission (FCC) adopted new rules that require internet service providers (ISPs), like Verizon and AT&T, to protect the privacy of their customers.  Rather than requesting an opt-out from their customers, the new rules now require that an ISP receive an opt-in before they can share sensitive information.  Specifically, the rules require:

Opt-in: ISPs are required to obtain affirmative “opt-in” consent from consumers to use and share sensitive information. The rules specify categories of information that are considered sensitive, which include precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications.

Opt-out: ISPs would be allowed to use and share non-sensitive information unless a customer “opts-out.” All other individually identifiable customer information – for example, email address or service tier information – would be considered non-sensitive and the use and sharing of that information would be subject to opt-out consent, consistent with consumer expectations.

As expected, the reaction from the multi-billion dollar online advertising business was not good.  One telecom executive threatened that costs might go up for consumers since ISPs will need to recover lost advertising revenue.  Industry lobbying groups were also not happy and said the new rules were “unprecedented, misguided, counterproductive, and potentially extremely harmful.”  

But the Chairman of the FCC, Tom Wheeler, explained why the new rules were necessary:

“There is a basic truth: It is the consumer’s information. It is not the information of the network the consumer hires to deliver that information.”

So why are we talking about internet privacy rules today?  Because the parallels between internet privacy and stock exchange proprietary data feeds are extremely similar.  There is an enormous amount of customer information that exchanges compile in their data feeds that is then repackaged and sold to some of their customers.  This information could then be used by predatory traders to reengineer order flow which could then harm investors.

We think something similar to the FCC’s newly adopted internet privacy policy should also be adopted by the SEC to safeguard investor information.  Exchanges should be required to obtain an “opt-in” from their customers before they include “sensitive information” (such as information on individual order cancellations and revisions) in their data feeds.  

We would expect the exchanges to vigorously fight our suggestion because the content in their feeds is really what drives their revenue. In his quarterly conference call last week, Nasdaq’s Bob Greifeld said: “It’s also important to recognize that our proprietary data feeds are first and foremost about content.”  We expect that the exchanges would likely say that transaction costs would go higher if the feeds were limited (similar to what the AT&T executive had to say about the FCC rules).  They would also likely complain that any new rules would be anti-competitive and potentially harmful for investors (similar to what the cable industry lobby had to say about the FCC rules).  We would hope that the SEC would see through these self-serving arguments.

Similar to what FCC Chairman Wheeler said about consumer information, we believe that information on your order flow is not the information of the stock exchange which was hired to deliver that information.  It is your information and it needs to be safeguarded from predatory traders who are looking to profit from it.