The Federal Trade Commission (FTC) is researching the privacy practices of AppNexus, Oath and other advertising subsidiaries owned by broadband companies.

The agency is in the midst of examining the privacy policies, procedures and practices of broadband providers as part of an overarching study into how telecom companies are morphing into vertically integrated behemoths that also distribute ad-supported content.

Although this is just an early fact-finding exercise, not an investigation, the FTC’s interest could represent a risk factor for AT&T’s big bet on data-driven advertising with Xandr.

To kick off its study, the FTC initially sent orders to seven broadband providers in March seeking info on how they collect, retain, use and disclose data about consumers and their devices.

AT&T Inc., AT&T Mobility, Comcast (doing business as Xfinity), T-Mobile, Google Fiber, Verizon Communications and Verizon Wireless all received the order.

But on Thursday, the commission announced that it’s withdrawing those orders and reissuing new ones aimed specifically at their advertising divisions. It’s possible that the FTC hit a brick wall with its first series of requests to the larger parent companies and were directed to their advertising arms.

The FTC is now seeking privacy-related information from AT&T-owned AppNexus, Verizon Online and Verizon-owned Oath. The commission is also adding a new inquiry to Charter Communications, the second largest cable provider in the United States.

The orders want details on everything from what the companies collect; the techniques used for collection; whether the data is shared with third parties; internal policies for access to data; their data retention policies; copies of their data collection disclosures; and their procedures for allowing consumers to access, correct and/or delete their personal information.

The FTC currently has authority over the privacy practices of common carriers such as Verizon and AT&T.

But, back in 2015, the FTC had been effectively stripped of that authority when the Federal Communications Commission (FCC) ruled under then-commissioner Tom Wheeler that broadband internet should be classified as a common carrier service.

The following year, the FCC passed a set of strict ISP privacy rules, which would have required broadband providers to get explicit opt-in before using subscriber data for targeted advertising, including web browsing, app usage and geolocation info.

In April 2017, President Trump repealed the FCC’s ISP privacy rules, seemingly opening the door to telcos and their data-driven advertising ambitions.