On Thursday October 7, 2016, the Chairman of the Federal Communications Commission (“FCC”), Tom Wheeler, announced a proposal for new privacy rules for broadband providers in a post on the FCC’s website. Chairman Wheeler stated that the new rules would be focused on the sensitivity of consumer data, and would be more in line with the Federal Trade Commission’s (“FTC”) approach to protecting consumer privacy. Chairman Wheeler circulated the proposal to the other members of the FCC, and the proposal will be discussed at the FCC’s upcoming monthly meeting on October 27.
The new proposal would require customers to opt in and consent to allow internet service providers (“ISPs”) to use and share sensitive information such as geo-location, social security numbers, app usage and web browsing history. The rules also provide the ability for customers to opt out of allowing ISPs to use and share non-sensitive individually identifiable information, such as the customer's service tier. The focus of the new rules is to enhance consumers’ choice as to what information gets shared, while also providing transparency as to what information is being shared, in order to increase consumer privacy and security of sensitive information.
The rules are part of the FCC’s efforts to apply the privacy requirements of the Communications Act to broadband service providers after reclassifying these providers as common carriers, which are largely exempt from FTC authority.
In his post, Chairman Wheeler stated as follows: “Calibrating consent requirements to the sensitivity of the information aligns with consumer expectations and is in harmony with other key privacy frameworks and principles — including those outlined by the FTC and the administration’s consumer privacy bill of rights. The proposed rules are designed to evolve with changing technologies, and would provide consumers with ways to easily adjust their privacy preferences over time.” The proposed rules would also require ISPs to take reasonable measures to protect customer data from breaches, including taking appropriate steps to notify customers that their data has been compromised. Although it is unknown whether the rules will be adopted as described by Chairman Wheeler, the FCC meeting on October 27 should give more clarity to that question.