In 2015 a battle begun between the FCC and internet providers when broadband was classified as a utility and President Obama urged for the strictest possible mandates on internet providers. The transition from the FTC to the FCC sparked outcry from ISPs saying that this was outside the purview of the FCC. However, this order was later upheld by federal courts in June of this year. In a short 4 months after the decision, the FCC has released new policies to improve the transparency and security for your personal data and how that data is shared by ISPs.
One of the most significant changes is that now consumers are defaulted to an opt-out status when it comes to sharing sensitive information and now require an explicit opt-in. Also, the new rules set by the FCC further expands on the current rules of the FTC in what customer information is considered “sensitive”.
According to the FCC customer sensitive data are now defined as “precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications.” While ISPs can still share email address or service tier information unless customers explicitly opt-out.
— The FCC (@FCC) October 27, 2016
The rules further outline that in the event of a data breach there must be common sense notifications to customers and law enforcement informing them about the breach.
These new rules are a big step forward for consumer privacy. A study found that “91% of adults agree or strongly agree that consumers have lost control of how personal information is collected and used by companies” while another study found “93% of adults say that being in control of who can get information about them is important”.
However, it is important to note that these rules only apply to broadband suppliers and other telecommunication carriers. The rules that govern web sites and other “edge services” still fall under the authority of the FTC.
Even with the stricter mandates, ISPs are concerned about what the new rules do not define and how it may impact their daily business.
David L. Cohen, Senior Executive Vice President and Chief Diversity Officer for comcast posted on the company blog “they unfortunately fell short in certain key respects. They departed significantly from the FTC’s sensible sensitivity-based approach for the use of web browsing and apps usage data” and “[the FCC] flatly ignored the FTC’s and Administration’s approach of encouraging companies to inform their customers of new and discounted services with few regulatory burdens.”
While Verizon released a statement praising the new rules. “Verizon is encouraged by the preliminary information we heard this morning about the privacy order approved by the FCC.” and “the final order appears to adopt rules that are much more closely aligned with the Federal Trade Commission’s privacy framework”
However, both companies agree that time will tell on what the full impact will be of the new rules. For now, we will chalk this up as a win for consumer privacy.