The battle for your privacy is an ongoing one, a battle which plays out in marketing meetings, board rooms, and courtrooms. Companies have to weigh their customers’ needs and wants against the investment they make in their goods and services, while still meeting the government’s current regulations for protecting data and not infringing on citizen’s rights.

It’s those regulations that are making news this week, as an appeals court has now ruled that AT&T is outside of the Federal Trade Commission’s regulatory reach. The company’s “common carrier” status means it functions more like a utility than a service provider, and as such, does not fall under the same privacy umbrella that other companies do.

While consumer privacy—especially in relation to phone companies and internet providers—is a really big deal, it’s also a tricky issue. Giving these companies access to their customers’ internet searches, for example, is what enables advertising. Those pesky ads you see online might be annoying, but they’re also what make the internet operate at a price that consumers can afford.

But what really happens as a result of the Ninth Circuit Court of Appeals’ decision in FTC v AT&T Mobility is that common carriers are currently operating without a lot of regulation concerning what is private and what isn’t. That means the door is now open for Congress to have to step in and draft legislation that outlines what those companies can and cannot do with your activity.

This might seem like one of those “facts of life” areas where we have to take the good with the bad. After all, you can avoid having companies track your activity if you just stay off the internet. But there is another huge implication here, and that’s how this will affect the Internet of Things connected devices that are slowly but surely making their way into common household use.

Without regulation concerning consumer privacy, who’s to say the activity of your IoT devices has to be protected information? Who will be allowed to see when your IoT thermostat kicks on, meaning you’re home? Who will track the data when you lock your front door remotely, potentially telling anyone that you’ve left for the day? Even more alarming, who will be allowed to see the hourly readout from your IoT insulin meter, including your health insurance or life insurance companies?

Those are all very alarming hypothetical examples, but they speak to the need to establish regulations on what private data will be gathered, how it will be protected, and who will legally be allowed to access it. Without regulations, consumer data safeguards aren’t fully in place.

Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.