- Ready for Dark Mode? Here’s how to get it, and everything else in iOS 13 4 Years Ago
- Students across the world are walking out to protest inaction on climate change 4 Years Ago
- YouTubers are exploiting Area 51 mania for content Today 10:29 AM
- Veterans confront Dan Crenshaw over his support for Trump Today 10:29 AM
- Google Maps may soon come with an Incognito Mode Today 10:13 AM
- Right-wing Beto O’Rourke ‘pissy pants’ meme actually features indie rock star Today 10:11 AM
- Facebook employee dies in apparent suicide at Bay Area headquarters Today 10:06 AM
- Giuliani just straight-up tweets some Ukraine secrets Today 9:29 AM
- You can now buy that viral game about an annoying goose Today 8:59 AM
- Bill de Blasio was still running for president, but now he’s not Today 8:40 AM
- How to stream Panthers vs. Cardinals in Week 3 Today 8:20 AM
- ‘American Dreamer’ is a frustratingly basic crime thriller starring Jim Gaffigan Today 7:00 AM
- ‘Smallville’ star Tom Welling will play Superman once again Today 6:43 AM
- How old is Beto O’Rourke? Today 6:30 AM
- How to stream Chiefs vs. Ravens in NFL Week 3 action Today 6:08 AM
FCC unveils privacy plan to limit how Internet providers can use your data
‘Consumers should have effective control over how their personal information is used.’
The Federal Communications Commission on Thursday unveiled a long-awaited proposal for regulating how broadband Internet service providers can use and share their customers’ information.
The three main components of FCC Chairman Tom Wheeler‘s proposed rules—which the commission will consider during its March 31 open meeting—involve ISPs’ use of customer data, their protection of that data from theft, and their obligations in the event of a data breach.
Under the rules, ISPs will be allowed to freely use only the customer data necessary for them to provide or market their services, such as a customer’s address for the purpose of mailing them their monthly Internet bill.
Customers can opt out of a second category of activity, in which their ISP uses their data to market its other services to them or shares that data with its affiliates to let affiliates can market their services. For example, Verizon could share its home broadband customers’ data with its Verizon Wireless subsidiary to let the wireless division market cellphone service to them.
“Consumers should have effective control over how their personal information is used and shared by their broadband service providers.”
ISPs must affirmatively seek permission from customers to use their data for any other purpose.
On a conference call with reporters, a senior FCC official argued that privacy rules for broadband companies had lagged behind technological development in recent years. “That is a gap the Chairman believes must be closed,” the official said.
The rules would require ISPs to “take reasonable steps” to protect customer data from theft, although what form those steps will take remains to be seen. An FCC fact sheet mentioned “risk management practices” and “strong customer authentication requirements.”
If hackers break into an ISP’s network and steal customer data, that company would have to notify affected customers within 10 days of discovering the breach and notify the FCC within seven days.
For breaches affecting more than 5,000 customers, the company would also have to tell the Federal Bureau of Investigation and the U.S. Secret Service, which typically investigate such incidents, within seven days.
The rules do not prohibit any specific uses of data, instead emphasizing customer authorization as the main safeguard.
Consumer advocates praised the proposal after its release, while industry groups called it worrisome and unnecessary.
“We applaud the Chairman for taking a decisive step to protect consumers,” Meredith Rose, a staff attorney at Public Knowledge, said in a statement. “This is an issue which touches the life of every connected consumer, and we are pleased to see the Chairman taking a stand on such a critical topic. ”
Gaurav Laroia, a policy counsel at Free Press, added in a statement, “Congress was wise to require that the FCC maintain special privacy protections for customers of all common carriers. It’s crucial for the FCC to modernize these protections and apply them to broadband.”
Sen. Ed Markey (D-Mass.), a longtime consumer advocate on the Senate Commerce Committee, which has jurisdiction over the FCC, praised Wheeler for introducing the rules, saying in a statement, “Internet service providers have a duty to protect the privacy of consumers who use the company’s wired and wireless infrastructure to connect to the world.”
But the Information Technology and Innovation Foundation called the rulemaking effort “misguided,” and Berin Szoka, president of the libertarian group TechFreedom, said in a statement that the FCC was ‘“solving’ a problem entirely of its own making.”
A senior FCC official told reporters on Thursday that the proposal “looks to the best practices of companies,” to existing data-protection laws, and to the enforcement activities of the Federal Trade Commission.
If the commission adopts the rule at its March open meeting, the public will then have several months to comment on the “Notice of Proposed Rulemaking,” during which time they can suggest how the rules should be crafted.
One question is whether, in addition to distinctions based on how data is used, there should be special rules for special kinds of data, like geolocation data produced by smartphones’ GPS sensors. A senior FCC official said that this was the kind of question on which the commission sought public comment.
While the goal is for the final rules to cover both fixed and mobile broadband providers, they may include provisions—such as protections for GPS data—that only apply to mobile network operators.
Another question is whether the rules should be written to specifically ban ISP programs that charge customers more money if they don’t opt into certain data collection. AT&T currently charges customers $29 per month if they don’t want to let the company scan their Internet traffic.
Asked about the AT&T program, a senior FFC official would only say that the agency sought comment on whether certain practices “raise specific concerns.”
“While broadband providers no doubt care about the privacy of their customers, there is also great financial incentive for them to collect and share customer information,” an FCC official said. “Consumers should have effective control over how their personal information is used and shared by their broadband service providers.”
Correction: The FCC’s March meeting will take place on March 31.
Illustration via Max Fleishman
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.