FCC Approves Consumer Privacy Rules For Broadband ISPs

King & Spalding
Contact



On October 27, 2016, the U.S. Federal Communications Commission (“FCC”), in a 3-2 vote along party lines, adopted new privacy rules for broadband providers aimed at protecting the privacy of consumers. FCC Chairman Tom Wheeler stated during a press conference that “the bottom line is that broadband subscribers will finally be in the driver’s seat.” 

The new rules implement the privacy requirements of Section 222 of the Communications Act for broadband Internet Service Providers (“ISPs”). The rules aim to give broadband customers more control over how their personal information is used and shared by their ISPs. The FCC established a framework of customer consent required for ISPs to use and share their customers’ personal information based on the sensitivity of the information, an approach that is consistent with other privacy frameworks.

Three categories were established for the use and sharing of information. These categories include guidance for ISPs and their customers:

  • “Opt-in” for Sensitive Information: ISPs are required to obtain affirmative “opt-in” consent from consumers to use and share sensitive information, including precise geo-location, financial information, health information, children’s information, social security numbers, web browsing information, app usage history, and content of communications.
  • “Opt-out” for Non-Sensitive Information: ISPs can use and share non-sensitive information unless a customer opts-out. This category includes other individually identifiable information, including a customer’s email address and service tier.
  • Exceptions to Consent Requirements: For certain purposes, customer consent is inferred by the creation of the ISP-customer relationship, and ISPs can use such information for the provision of broadband services or billing and collection.

In addition, the FCC rules require ISPs to provide customers with “clear, conspicuous and persistent notice” about the information they collect, how it may be used and shared, and how customers can change their privacy preferences. ISPs are required to engage in reasonable data security practices, and the new rules contain guidelines that ISPs should consider following, including “common-sense data breach notification requirements to encourage ISPs to protect the confidentiality of customer data.”

The FCC’s vote comes on the heels of much vocal support of and opposition to the new rules from ISPs, those in the ad industry, and other interested groups. It should be noted that the scope of these rules is limited to broadband ISPs. The rules do not apply to the privacy practices of web sites or other “edge services,” and do not cover other services of a broadband provider, such as the operation of a social media website.

The FCC Press Release can be found here. The FCC Fact Sheet and Commissioner Statements can be found here.

 

Written by:

King & Spalding
Contact
more
less

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.