FCC Proposes Strong Privacy Regs for Broadband Providers

The Federal Communications Commission (FCC) has circulated a draft of its Notice of Proposed Rulemaking to clarify the privacy obligations of broadband internet access service providers.

Broadband providers have few restrictions on their ability to gather information about user behavior, habits and location—or their ability to share that information with third parties. The proposed rules would require broadband providers to get their customers’ explicit opt-in consent before making use of the data they collect about customers’ locations or the websites they are using. Also, the proposed rules say that consumers must have the option to opt out if they don’t want marketing communications from broadband providers.

The proposal also contains rules about how companies should protect personal information and about the notification of users in the event of a data breach. This is especially topical given that by monitoring the traffic that passes through their hands, broadband providers—as network gatekeepers—can learn detailed information about their customers’ most private activities.

“Every broadband consumer should have the right to choose how their information bits should be used and shared,” FCC chairman Tom Wheeler said in an op-ed piece. “And every consumer should be confident that their information is being securely protected.”

Last year, the FCC took the step of reclassifying broadband providers as utilities under Title II of the Communications Act—a move which brought those providers under the commission’s regulatory purview, for the purpose of enforcing Net neutrality requirements. Now, the commission is taking an important next step of outlining how Title II protections also place the same kinds of privacy requirements on broadband providers that voice and other telecom operators must adhere to.

Some opponents of strong privacy rules have argued that consumers should rely on encryption, not federal rules, to protect their privacy. Laura Moy, visiting assistant professor at Georgetown Law and co-director of the school’s Institute for Public Representation, said that this idea ignores the tremendous amount of highly sensitive online traffic that is not encrypted, and noted that even when traffic is encrypted, the protection is incomplete—broadband providers can still learn a great deal about their customers’ online activities.

“Strong communications privacy protections are essential both to ensure that consumers can trust these networks, and so that network gatekeepers cannot use private customer information to give themselves an unfair competitive advantage,” she said via email. “We’re pleased to see that the Commission is taking seriously its statutory mandate to closely protect telecommunications privacy. Given the central role of broadband in 21st-century education, medical care, employment and more, broadband customers must not be forced to choose between access and privacy.”

The move was applauded by other privacy advocates as well.

“As gatekeepers to the Internet, broadband providers are uniquely situated to capture detailed information about the websites their customers visit and the applications they use, while the customers are left at the whim of those intrusive practices,” said Sarah Morris, senior counsel and director of Open Internet Policy for New America’s Open Technology Institute (OTI). “The Communications Act recognizes the sensitivity of the provider-customer relationship, and directs the FCC to ensure that providers protect the information that they collect as a result of that relationship. When the FCC reclassified Internet access as a Title II service last year, it correctly recognized that broadband providers, like telephone providers, should be subject to the privacy protections under Title II.”

She added, “This approach is consistent with its decision to reclassify broadband providers as common carriers and the correct recognition that consumers should never have to make the choice between going online and having baseline privacy protections in place as they do so. A clear privacy framework developed under the longstanding authority granted to the FCC under Section 222 of the Communications Act will benefit Internet users, ensuring that the power asymmetry between customers and their Internet service providers is mitigated by consumer privacy protections. We commend the Chairman for initiating this proceeding.”

The proposal is on the agenda for the FCC’s March 31 Open Meeting.
