The Federal Communications Commission voted on October 27th to adopt Commission Chairman Tom Wheeler’s proposal on cable TV set-top boxes, as well as another proposal regulating consumer privacy in broadband ISPs after a brief setback when voting was delayed on September 29. The rules on broadband privacy set forth clear parameters within which broadband internet service providers may use and share customers’ personal data with third parties like online advertisers.
The rules were adopted during the FCC’s Open Meeting and represent a big step in expanding consumer privacy protections, continuing the FCC’s shift towards a more pro-consumer agenda in internet and technology policy.
The new rules stem from an interest in protecting consumers’ right to privacy in the face of the broad access ISPs have to information about their customers. The original proposal was developed following the FCC’s adoption of a comprehensive framework to protect consumer privacy in broadband and other telecommunication services in March. The new rules incorporate input from the Federal Trade Commission and general public responses following the March proposal adoption, and aim for consistency with other privacy frameworks adopted by the Federal Trade Commission and the Administration’s Consumer Privacy Bill of Rights.
The rules require broadband ISPs to inform consumers, up-front, of the types of information the ISP collects about its customers, of how and for what purposes the ISP uses and shares the information, and of the types of entities the ISP shares the information with. In addition to consumer notification, ISPs must gain affirmative opt-in consent from their customers before using or sharing any information falling under the category of “sensitive information,” as outlined in the proposal. Conversely “non-sensitive information” only requires an opt-out consent from consumers. There are carve-outs in the set of data requiring opt-in consent, including information required for the provision of broadband service and billing and collections. In these cases, ISPs are allowed to infer user consent. Consumers may also modify their privacy preferences. The rules also strengthen the protection of consumer privacy interests through tight data breach protocols, robust safeguards against re-identification of anonymized data, and increased disclosure and scrutiny over pay-for-privacy plans (where ISPs offer discounts in exchange for consent to information use and sharing).
The opt-in consent mechanism will create choice for consumers where there was none before. It allows for direct control over how, when, and what type of information is shared, making it a far-reaching, pro-consumer plan. Unsurprisingly, when Wheeler proposed these rules they faced significant industry opposition. Sam Gustin of Motherboard commented that “the cable industry isn’t thrilled about the prospect of greater scrutiny, especially from an agency it has repeatedly accused of regulatory overreach.” On the other hand, a number of organizations signed onto a letter to Wheeler and other members of the FCC on October 17, urging the FCC to continue its trend of “bold and historic moves” in internet and technology regulation and to rectify the long-standing issues regarding open internet and affordable cable services. It remains to be seen how these somewhat controversial rules will be adopted and used.
Commission Documents: https://www.fcc.gov/document/fcc-adopts-broadband-consumer-privacy-rules
Kelly Ding is a 1L at Harvard Law School.