Poor reporting. Personal Information != Browsing History. If you navigate to a company’s website, they have the right to track that information. NOTHING in your internet browser should contain PII. Two separate and distinct issues.
You are what you graze. Best to be Free Range.
The ISP, as a technical necessity, has to know that you (an identified & billable account at a known IP address) sent a data packet to a particular known website or other data service. That’s the whole POINT of an ISP. The particular _user_ may not be personally identified (me? wife? kids?), but enough information can be gleaned for practical marketing purposes (frequent visits to MatildaJane.com from a particular MAC address operating under the account of Mr. CTDonath are clearly Mrs. CTDonath at a known postal address and can be cross-referenced to glean oodles of additional PII - valuable information to marketers of women’s & children’s clothing).
It’s that pesky “metadata” problem. Encryption & anonymization is great (and strong/robust/ubiquitous implementation thereof is vital), but given the enormous amount of traffic being monitored, a great deal can be gleaned just by what data packets travel from where to where.
I’m actually working on a “single sign-on” service for app users for a major ISP. The whole point is we can confidently log you into other services with few/no instances of you manually entering ID & password - largely because we can identify you from numerous other metadata.