According to the FCC, ISPs collect vast amounts of data on what websites individual customers are visiting and what apps they are using. Mobile carriers can even track the movements of their customers. Under the new rules proposed today, the FCC would not flat-out prohibit ISPs from using any of the data. Rather, it would leave it up to the customers, using an opt-in/opt-out approach.
FCC Moves To Tighten Internet Privacy
Led by Chairman Tom Wheeler, the FCC this afternoon proposed new privacy rules for consumers of internet service providers, including most cable operators.
The proposal was adopted by a 3-2 vote along partisan lines with Democrats Mignon Clyburn and Jessica Rosenworcel joining Wheeler, and Republicans Ajit Pai and Michael O’Reilly dissenting.
Before voting on the final rules, the FCC will review comments from the industry and the public.
“It’s the consumers’ information and consumers should have the right to determine how it is used,” Wheeler said just prior to the vote.
Wheeler portrayed the proposed rules as extensions of protections consumers now have with their telephone service.
“A consumer makes a phone call, all the information about that call is protected unless the consumer authorizes its disclosure,” he said. “How does the fact that the network is connecting to the Internet rather than to a telephone make the expectation of consumer privacy any different?”
According to the FCC, the ISPs collect vast amounts of data on what websites individual customers are visiting and what apps they are using. Mobile carriers can even track the movements of their customers.
Under the proposed rules, the FCC would not flat-out prohibit ISPs from using any of the data. Rather, it would leave it up to the customers, using an opt-in/opt-out approach.
The ISPs would be able to use the data to market new communications-related services to customers unless the customers opt out — that is, explicitly deny permission.
However, the ISPs would not be allowed to use the data for any other purpose unless the customers opt in — that is, explicitly give permission.
The restrictions exclude the use of the data for routine customers relations like billing and email linking and for limited marketing of service enhancements. For instance, an ISP may suggest that a customer upgrade service if it notices they are using a great deal of data.
The proposal also requires ISPs to make reasonable efforts to safeguard customer data from hackers.
To that end, it would require ISPs to adopt risk management practices; institute personnel training; adopt strong customer authentication systems; identify a senior manager responsible for data security; and take responsibility for use and protection of customer information when shared with third parties.
In the case of a data breach, the ISP would have to notify customers within 10 days and the FCC within seven days. If the breach involves more than 5,000 customers, the ISP would also have to notify the FCC and Secret Service within seven days.
The rules would require ISPs to provide customers with ” clear, conspicuous and persistent” notice about what information they collect, use and share with third parties, and how customers can change their privacy preferences.
From morning to night, Commissioner Clyburn said in support of the measure, “my ISP knows which websites I visited (and, if not encrypted, the content I visited on each website), how long I was on each website, and when I was in my house versus my car versus my office.
“This is a treasure trove of information that is not only very personal to me but is also very valuable to marketers and retailers.
“As a consumer of these services, I want the ability to determine when and how my ISP uses my personal information.”
In a format statement released after the meeting, Wheeler explained that ISPs handle all Internet traffic.
“That means an ISP has a broad view of all of its customers’ unencrypted online activity – when we are online, the websites we visit, and the apps we use. If we have mobile devices — and I have had a mobile device since 1983 – our providers can track our physical location throughout the day in real time. Even when data is encrypted, our broadband providers can piece together significant amounts of information about us – including private information such as a chronic medical condition or financial problems – based on our online activity.
“Today’s proposal would give all consumers the tools we need to make informed decisions about how our ISPs use and share our data, and confidence that ISPs are keeping their customers’ data secure.”