FCC Proposes Broadband Privacy Rules

Action Marks the First Big Privacy Move by Federal Communications Commission Under Net Neutrality

By Published on .

Reprints Reprints

Tom Wheeler, chairman, Federal Communications Commission
Tom Wheeler, chairman, Federal Communications Commission

Federal Communications Commission Chairman Tom Wheeler today proposed privacy regulations for broadband ISP services that commissioners will consider in the coming weeks. If passed, the move will be seen as a milestone in digital privacy regulations, as the FCC helps carry a torch long held by the Federal Trade Commission.

The FCC's adoption of net neutrality rules for broadband last year opened a new privacy arena for the agency, which is making good on its promise to move forward on privacy protection rules.

"You will see us within the next several months addressing the question of privacy practices of those who provide network services and how it affects you and me," Mr. Wheeler told PBS's Charlie Rose in a November interview. "In other words, do I know what information is being collected, do I have a voice in whether or not that's going to be used in one way or another. Those are two very important baseline rights that individuals ought to have."

Consumer advocates have banged the drum for FCC broadband privacy rules since the FCC's Open Internet Order was adopted in February 2015. In January of this year, several organizations, including Electronic Frontier Foundation, World Privacy Forum and American Civil Liberties Union, sent a letter to Mr. Wheeler urging him to propose rules protecting consumers from personal data collection without consent, data breach notification and disclosure of data collection practices.

Today's proposal has three pillars -- choice, transparency and security. It calls on ISPs to give consumers control over what personal information is used and shared, provide a clear view of how information is used, and protect how consumer data is stored. It would also require broadband providers to allow customers to opt-out from use of their data for marketing purposes, and require opt-in for other data uses and sharing.

"The Chairman's proposal does not prohibit ISPs from using or sharing customer data, for any purpose," stated an FCC fact sheet about the proposal. "It simply proposes that consumers have choices -- either to opt out in some instances or to require that the ISP first obtain customers' permission before using and sharing the customer's data in others."

The FCC already flexed some privacy oversight muscle earlier this week when it announced a settlement with Verizon. The company agreed to pay a $1.35 million fine for tracking users with a persistent "super-cookie" that was near impossible to remove.

The Federal Trade Commission historically has been the internet's privacy watchdog; however, while the FTC has had limited power, the Open Internet Order reclassifying internet access as a common carrier service (often referred to as net neutrality) gave the FCC strengthened authority to protect online privacy. "With its rulemaking authority, the FCC should set privacy baselines that help to define the minimum standards that Americans can expect from their ISPs," stated an Open Technology Institute paper published in January.

Another sign of the FCC's impending privacy focus: its hire of Jonathan Mayer as chief technologist in the Bureau of Law Enforcement in November. A longtime tech-savvy academic who conducted research exposing porous corporate data security and questionable digital tracking practices, Mr. Mayer was brought on board in November by Enforcement Bureau Chief Travis LeBlanc.

Today's proposal, details of which have not been made public, will be up for vote by the full Commission at its March 31 Open Meeting. If adopted, a public comment period will follow.