FCC Asked To Rule That Anonymized Phone Call Data May Not Be Shared Absent Customer Consent Under CPNI Rules


A coalition of privacy advocates filed a petition for declaratory ruling with the FCC on December 11, 2013 seeking a significant tightening of the Commission’s existing rules that limit the sharing of Customer Proprietary Network Information (CPNI) by telecommunications carriers and other phone service providers. The coalition, led by Public Knowledge, has asked the Commission to rule that phone call data that has been “anonymized” or “de-identified” by removing personal identifiers is nevertheless “identifying information” under the CPNI rules which may not be shared with other companies or entities absent the customer’s consent.

“CPNI” includes call information such as the time, date, destination, location, and network configuration of a call that is known by the service provider solely through its relationship with the customer, plus information on the customer’s bill relating to phone service. Section 222 of the Communications Act places restrictions on the use and sharing of “individually identifiable” CPNI, with an exception that allows service providers to use anonymous aggregated data. The theory of the petition is that all CPNI is “individually identifiable” and protected from use without consent unless it is aggregated.

Earlier FCC decisions, however, tie the protection of CPNI to the privacy interests of customers in information they view as sensitive and personal. Yet the petition asks the Commission to prohibit the use of anonymized call data because, it argues, Congress intended to protect records that refer to a single account regardless of whether those records can be used to identify a person. If accepted, that theory would substantially expand the universe of data protected as CPNI, and prohibit the use of data that in other contexts is perfectly acceptable given the absence of any personally identifiable information.

The petition also includes the argument that anonymized data may not always be safe from re-identification. It presents this point summarily, citing to a well-known study that was used in the health-care context with no real detail or explanation on re-identification possibilities that may exist with anonymized datasets such as masked digits of a phone number.

The petition will likely make its way through the FCC for many weeks, if not longer, before the Commission decides to act upon it. We will be tracking this filing and will post if and when the Commission establishes a proceeding with deadlines for comments.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Davis Wright Tremaine LLP | Attorney Advertising

Written by:


Davis Wright Tremaine LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.