FCC Proposes To Give Broadband Consumers Increased Choice, Transparency and Security For Their Personal Data

The FCC today announced it will be proposing changes to broadband privacy guidelines putting more control of personal data in customer hands

Proposal would empower consumers to decide how data is used and shared by broadband providers 

The Federal Communications Commission today adopted a Notice of Proposed Rulemaking (NPRM) that proposes to establish privacy guidelines for broadband Internet Service Providers (ISPs). The proposal is designed to ensure broadband customers have meaningful choice, greater transparency and strong security protections for their personal information collected by ISPs. 

The NPRM proposes rules implementing the privacy requirements of Section 222 of the Communications Act for broadband ISPs. It proposes rules that would give broadband customers the tools they need to make informed decisions about how their information is used by their ISPs and whether and for what purposes their ISPs may share their customers’ information with third parties. 

To provide consumers more control over the use of their personal information – and enforce the broadband provider’s responsibility to safeguard such data – the NPRM separates the use and sharing of information into three categories, and proposes adoption of clear guidance for both ISPs and customers about the transparency, choice and security requirements for customers’ personal information:

• Consent Inherent in Customer Decision to Purchase ISP’s Services:  Customer data necessary to provide broadband services and for marketing the type of broadband service purchased by a customer – and for certain other purposes consistent with customer expectations, such as contacting public safety – would require no additional customer consent beyond the creation of the customer-ISP relationship.
• Opt-out:  Broadband providers would be allowed to use customer data for the purposes of marketing other communications-related services and to share customer data with their affiliates that provide communications-related services for the purposes of marketing such services unless the customer affirmatively opts out.
• Opt-in:  All other uses and sharing of consumer data would require express, affirmative “opt-in” consent from customers. 

In addition, the NPRM proposes:

• Transparency requirements that require ISPs to provide customers with clear, conspicuous and persistent notice about what information they collect, use and share with third parties, and how customers can change their privacy preferences;
• Robust and flexible data security requirements for broadband providers that include requirementsto adopt risk management practices; institute personnel training practices; implement strong customer authentication requirements; identify a senior manager responsible for data security; and take responsibility for use and protection of customer information when shared with third parties.
• Common-sense data breach notification requirements to encourage ISPs to protect the confidentiality of customer data, and to give consumers and law enforcement notice of failures to protect such information. 

The NPRM also asks for comment on additional or alternative paths to achieve pro-consumer, pro-privacy goals. 

The scope of the NPRM is limited to broadband service providers. The NPRM does not apply to the privacy practices of web sites and other “edge services” over which the Federal Trade Commission has authority. The NPRM’s scope does not include other services of a broadband provider, such as the operation of a social media website, or issues such as government surveillance, encryption or law enforcement. 

Source: FCC release