Business Privacy Online: How Much Is Private?

Just by browsing the internet in the course of a normal business day, organisations gather information about you and your company. The websites you visit might be able to see your IP address, as well as the route you took to reach their site from the search engine. Your browsing history is valuable data to many organisations, who can use it to develop their understanding of different demographics’ online activity. These organisations use this information to develop highly targeted advertising, which affects everything from what adverts you see online to what results you get in search engines.

For that reason, our team at BusinessComparison has looked into what information broadband providers and web browsers are collecting about their customers and users. We thought it would be interesting to dig into the privacy policies to see exactly what some major broadband providers say about online privacy. This research is provided for your information only and does not constitute a recommendation of any particular services or products.

Web Browsers

Private Browsing isn't Truly Private

Incognito, Private Window, InPrivate - whatever the browser you use calls it, the name could be considered a little misleading.

While your computer won't store data from browsing in these windows, organisations can still track your information - it’s just kept private from others using the same device rather than being kept entirely private to you.

For example, system administrators will be able to see what the user was up to, and websites visited can still see your IP address. That’s interesting news for anyone who has ever had a quick look at a competing company’s website and thought they wouldn’t know!

Even in private browsing sessions, you will still share some of your Google Chrome internet usage data with the parent company, Google. Microsoft Edge also gathers and shares some of your internet usage data with Microsoft.

Does a Browser Open Each Private Window Separately?

This is a factor to consider because if all private browsing tabs you open are within the same instance, cookies and trackers on the websites you visit will be able to build a composite picture of you across those websites. Rather than just a person on the BBC website, you will be a person on the BBC website who looked at a particular product on Amazon while logged into X (Twitter).

The way that organisations can build a picture of you while browsing multiple incognito tabs is a drawback for Chrome. All Incognito tabs open within the same window, meaning organisations can build a composite picture of you based on your browsing history.

On the other hand, Safari, the default browser on Apple devices, opens each Private Tab separately, which means organisations can't track your activity in these different sessions.

With Mozilla Firefox, you would need to get the official Multi-Account Containers add-on to access this feature. It will allow you to, for instance, have several different online email inboxes open at the same time, without cookies or trackers connecting those accounts as belonging to the same person.

Microsoft Edge does not have this feature, but there is a workaround. You can add another user profile and then open another InPrivate window as this other profile. This way, your private browsing windows will be separate, and you won't share your information between them.

Customisable Settings

You can customise Microsoft Edge's privacy settings to quite a high degree, allowing you to choose the level of privacy you require - three settings allow users to choose whether to allow all trackers, only some or block all.

In Firefox, the Do Not Track setting, which asks websites not to use trackers to follow your activity, is active by default in private browsing, but you can also choose to switch it on for your normal browsing sessions too. Google Chrome also has a Do Not Track setting.

It’s worth bearing in mind that settings like this cannot entirely prevent websites from using trackers. It isn’t enforceable, and not all websites will honour the Do Not Track request, especially if, like some social media websites, they rely on advertising for revenue.

Apple’s web browser Safari removed its Do Not Track setting in 2019 to replace it with its own Intelligent Tracking Prevention. This method is a bit more advanced and allows users to remain logged in on websites they visit infrequently while still limiting the tracking these websites are able to carry out. It is active by default, and Edge, Firefox, and Chrome are all working on their own versions of this privacy setting.

Installed as Standard

While the other three browsers reviewed can be pre-installed on company equipment depending on the brand that made the product, Mozilla Firefox will not. Because of this, Firefox doesn't get as much use as other browsers, as businesses and individuals often prefer the peace of mind that comes with using the software already installed. As a non-standard browser, this means it is less likely that you will see an entire team at work using it.

Deleting ‘Downloads’ and Forms Information

Microsoft Edge is the outlier in this category, as the other browsers are slightly more private in this respect. When you open an InPrivate window in Edge, if you log into your user profile, you can automatically fill forms with your previously saved information. This feature is convenient, but it just goes to show that your private windows are not entirely separate from your normal browsing. Also, while Microsoft Edge stores all your downloads in your Downloads folder, data about your downloads is also stored in your browser. Microsoft Edge does not clear this data after a private browsing session, while the other browsers reviewed do.

Choosing your Browser

For most people, any of these browsers would be suitable for their needs. While it can be surprising to hear how much of your internet usage browsers track, record or share for advertising purposes, the privacy settings available can mitigate this.

However, it’s important to remember that anything you do on the internet will not be totally private. Whether you’re shopping for a present for someone you share a device with or researching another company in your industry, your internet browsing activity is no secret.

Broadband Providers

Standard Data Collected

It’s standard for broadband internet providers to store information on the contract holder in order to facilitate their relationship with the client. That’s personal information such as name and date of birth, contact information and financial data such as card details. Broadband providers will also store communications they have with their clients, whether that’s emails or phone conversations.

But what other kinds of data are stored by broadband providers?

Anonymised Data

In some broadband providers’ privacy policies, you will see a reference to “aggregate anonymised data”. This term refers to information that has been de-identified and grouped together. For example, instead of identifying all individual users aged 40, aggregated data might say that there were any number of users aged between 35-44.

This type of data is often used internally by the ISP to help them track which products and services are more popular among different demographics. Utility Warehouse’s privacy policy describes collecting this anonymised data for “statistical analysis and business planning”.

Sharing Information with Third Parties

Due to GDPR, it is illegal for your ISP to collect personal information on you and your internet activity and share it with or sell it to third parties without your consent.

However, there are some circumstances in which they may share your data with other parties.

Many ISPs will sometimes use external suppliers to conduct activities such as running an online marketing campaign, carrying out a survey or providing support with matters such as processing payments. In these cases, it may be necessary to share your data with them, only to the extent that they are able to perform their task. All the privacy policies reviewed stated this would be the case.

In cases where your ISP is part of a joint venture with another company or is one of the subsidiaries of a larger holding company, you may find some mention of this in the privacy policy. Your broadband provider may be part of a much larger group. For example, while Sky provides broadband, they are perhaps better known for their subscription television offering, which operates under the name Sky Subscriber Services Limited. The group overall, Sky Group, has many subsidiaries that provide different services - and the group itself is part of an even larger American media conglomerate, Comcast Corporation.

Virgin Media Business can share data with O2 as they are joint venture companies. This means that O2 may reach out to those who use Virgin Media Business to offer them products and services, for example, using the email address their Virgin Media Business account is under.

Similarly, Origin Broadband is part of the TalkTalk group, and Plusnet is part of the BT group. Their privacy policies both state they might share customer details with other companies in their respective groups.

When Someone Might Access Your Browser History

Providers mention crime prevention and detection as one situation in which they might monitor browser history in order to share information with government and law enforcement agencies.

Providers will only access the types of websites visited on your company equipment, information about your internet session (including time and date), device information and IP address when strictly necessary, such as in situations when they have to assist the police.

Top tips

Use HTTPS Encryption

When website URLs begin with 'https://' rather than 'http://', the additional ‘s’ stands for ‘secure’. These URLs are encrypted in such a way that ISPs or third parties cannot view your web traffic. They will only be able to see the domain name of the website you are using and not specific pages. 84.6% of websites are now HTTPS encrypted as standard, meaning that they are more secure. These websites include blogs that use hosting services like WordPress, as many of these web hosting providers now offer the necessary SSL certificate as part of their package.

As most search engines use HTTPS, this means that your ISP will not read your search history. However, bear in mind that if your ISP was legally required to do so, for instance, for the purposes of crime prevention, they would be able to use deep packet inspection to identify specific web pages and search results, regardless of HTTPS encryption.

While your ISP might not track your search history, your search engine usually will. You might find yourself being served up targeted ads along the same theme as a recent search - if this has happened to you, it’s probably no coincidence! The website you visit from a search engine results page will also be able to see the search terms you used to find them.

Be Careful if You Connect to Public Wi-Fi

If you or your colleagues ever work remotely using company equipment, be mindful that public Wi-Fi can make it easier for third parties to intercept your internet activity. If the Wi-Fi network is unsecured (meaning that it isn’t protected by a security protocol such as Wi-Fi Protected Access 2), someone on the same network might be able to see your activity and even steal your passwords using a method known as the man-in-the-middle attack.

If your business doesn’t have a policy on public Wi-Fi, it’s worth bearing in mind that even with HTTPS encryption, it’s better to use your mobile hotspot if you need to get online for a quick task while you’re out and about. This is because of security as well as privacy - unsecured public Wi-Fi can also open the door for malware to infect your device. Someone could lure you into entering your information on a fake login page or clicking on a dodgy ad.

Remember Which Platforms Belong to the Same Company

YouTube belongs to Google, which means that even if you are careful to always search in a private browser when looking for a present for a loved one, watching a review of the product on YouTube can still lead to targeted ads in Google Chrome. Similarly, Instagram and Facebook now belong to the same parent company, Meta, and information about your internet activity is shared between them, whether that’s what you do on social media or other websites you go to while still logged in to Facebook.

Privacy Measures You Can Take

For the privacy conscious, there are some helpful tools and solutions you can use to stop data about your internet activity from being stored and shared. However, while these methods can increase the privacy of your experience a great deal, it’s important to note that government agencies and law enforcement are always able to investigate serious illegal activity on the internet.

DuckDuckGo is an alternative to Google, Bing and other major search engines, which differs in that it does not store any data about the user. This means it won’t recommend answers to your search based on your previous internet activity and won’t tell websites you visit that you came via DuckDuckGo or what your search terms were. There are limitations associated with this - because the search engine is not tracking any information about you, you will be less likely to be given location-based results.

VPNs are becoming increasingly popular. A Virtual Private Network is a service that encrypts your data and replaces your IP address - the unique set of numbers that gives information about the user’s location. With the combination of data encryption and a disguised IP address, it becomes harder for the websites you visit to gather data about you. As with DuckDuckGo, none of your search information will be stored or shared.

A VPN will prevent a lot of targeted advertising from reaching you, as well as solving one of the issues we mentioned earlier - public Wi-Fi. When you use a VPN, you protect yourself from people getting in between your device and the website you are trying to connect to.

In Conclusion

Data about our internet habits is valuable to companies as it’s the basis for targeted advertising online. While lots of information stored about us is useful to us, for example, enabling search engines to make very welcome recommendations, it can be surprising to hear just how much data there is on us and our online activity out there. We can all decide how much of our data we would like to be accessible to others and take measures to reduce how much information we are revealing.

How We Can Help Your Business

We help you compare essential business products and services, ensuring you get the best deal. Save time and money with BusinessComparison by comparing today.

Sam White