Dutch ISP Odido Shared Customers' Personal Data With American AI Company for Years Without Disclosure

Summary

Dutch internet service provider Odido forwarded sensitive personal data from customers' routers to American AI company Lifemote for years without adequate disclosure in its privacy statement, according to reporting by the Telegraaf. The data shared included device names and MAC addresses from home networks, as well as information about surrounding Wi-Fi networks—information that security researchers say can be used for location tracking and highly targeted advertising. Odido appears to have stopped the practice after being questioned by the newspaper and claims to have updated its router software, though the company did not explain why it was sharing customer data with the AI company in the first place. This incident adds to Odido's recent privacy troubles, following a major data breach affecting 6.2 million current and former customers and revelations that the company retained personal data far longer than stated in its privacy policy.

• The incident reflects broader concerns about data flows between telecommunications companies and AI firms, particularly across international borders

Editorial Opinion

This case underscores a troubling pattern where data protection regulations like GDPR exist on paper but lack teeth in enforcement. Odido's nonchalant attitude toward forwarding sensitive household data to an American AI company—and its apparent willingness to continue until caught—demonstrates that companies still view privacy obligations as negotiable. The fact that MAC addresses, which can uniquely identify and track devices, were shared without explicit consent reveals a dangerous gap between what privacy policies claim and what actually happens with user data.