How the FCC's Privacy Proposal Could Affect More Than ISPs
The details of Thursday's Federal Communications Commission proposal for new rules applying to how Internet Service Providers can use consumer data are not yet public.
However, it's clear that if approved, the rules requiring data-collection notification, consumer choice and security protections will change the way some ISPs share data. Ad Age sat down Friday with FCC Chairman Tom Wheeler to discuss his privacy proposal, what it means for telcos and ISPs, and how it could affect the rest of the digital ecosystem.
A key element to keep in mind is that the rules will apply to internet connections including mobile ones, said Mr. Wheeler. But here's where it gets somewhat complex: Things like mobile web sites and apps are beyond FCC jurisdiction. The FCC has responsibility for the network functions that connect our devices to an app or mobile sites, the pipes as Mr. Wheeler often puts it.
So, the Federal Trade Commission, the consumer watchdog we've come to know as the primary digital privacy protector, still has oversight of the so-called "edge" providers that ISPs connect consumers to such as website operators like Facebook, email providers like Google or app platforms like Apple.
This new privacy arena for the FCC opened as a result of the agency's adoption of net-neutrality rules for broadband last year, giving it jurisdiction over ISP use of consumer data, the same way the agency has purview over how phone companies use our information. The FCC should have more impact than the Federal Trade Commission has had when it comes to safeguarding consumer privacy, however, mainly because the FCC has rulemaking authority while the FTC does not.
Thursday's FCC proposal has three pillars -- choice, transparency and security. It calls on ISPs to give consumers control over what personal information is used and shared, provide a clear view of how information is used, and protect how consumer data is stored. It would also require broadband providers to allow customers to opt-out from use of their data for marketing purposes, and require opt-in for other data uses and sharing.
Why the Opt-in standard is important
The inclusion of an opt-in standard for certain data uses is significant. Other privacy guidelines such as the ad industry's own Digital Advertising Alliance require only that corporations respond to requests from consumers who opt out of data uses like ad targeting based on behavioral data. The FCC proposal would require that ISPs need only allow consumers to opt out from uses of their data for marketing purposes, billing, or for example, notifying them when they are nearing their mobile data limit.
What's different is that ISPs would need to get opt-in permission from consumers for other data uses. For instance, if ISPs such as Verizon or Comcast want to share information showing a consumer viewed cancer treatment websites with partners, they would have to obtain opt-in consent from consumers.
While it's unlikely it would happen, theoretically, if every mobile user decided not to opt-in to data sharing, it would cut off a vast estuary of data streaming throughout the ecosystem at its source.
That could mean a lot for companies such as SAP, IBM, HP and others that have fostered under-the-radar partnerships with telcos that give them data on what consumers look at on their phones and where their mobile devices have been geographically. Telcos enabling mobile internet connections -- Verizon, Sprint, Telefonica and other carriers -- have established these partnerships, detailed in an investigative Ad Age report, in order to create new revenue streams from their data.
Companies have said "this really isn't something we do that much," said Mr. Wheeler. "So if it's not something they do that much, then why are they worried about it?"
An ISP might need to get a consumer to opt-in for other relationships with ad tech companies, suggested Mr. Wheeler. "If you're an RTB platform for instance, that's not our turf, but the information that populates the RTB platform, they are affected to the extent that the ISP may or may not have information to sell them."
A kinder Federal regulation?
Mr. Wheeler was careful, however, to point out that the FCC isn't interested in micromanaging the sector. Whereas in years past, the government would tell companies how and what to do in some situations, he said, "when you finally see the proposed rulemaking you will see that there are places throughout that say we want the ISPs to be able to innovate to be able to use information, but it's the consumers' information and it's their decision. I actually wrote those parts of the order, of the notice, because I wanted to make it clear we're not against the use of information. We're against the unauthorized use of information."
One of the most prominent recent moves as ISPs and telcos have embarked on these emerging telco "data as a service" businesses is Verizon's $4.4 billion acquisition of AOL last year, followed by its purchase of mobile ad network Millennial Media for $238 million. Many saw the AOL buy as a means for Verizon -- the telco/ISP -- to turn its data into a viable business, in part because AOL -- the "edge" firm in the eyes of the FCC -- provides ad-tech infrastructure and marketer relationships that Verizon lacks.
ISP Comcast, which owns NBC Universal, might also be affected.
The FCC proposal would not prevent this type of data sharing, but it would require that the Verizons and Comcasts of the world obtain an opt-in from consumers in order to do it. Expect several details such as how companies would notify consumers of their opt-out and opt-in offerings to follow if the proposal is approved.
Mr. Wheeler said he expects "a fulsome discussion" during the 30-day comment period and subsequent 30-day comment reply period that will follow if the proposal is approved by commissioners on March 31.