By David McCabe - 03/10/16 02:22 PM EST
The Federal Communications Commission on Thursday announced draft privacy rules that would govern how broadband Internet service providers can use and share customer data.
The rules proposed Thursday would bar the companies from using customers' data for many purposes without their explicit permission.
Internet providers could also share information with affiliated companies to help them market other types of communication services unless customers explicitly opt out. If a provider, for example, also offers wireless service through an affiliate, it could share customer data with the wireless company for marketing purposes, a senior FCC official told reporters.
But beyond that, customers would have to explicitly consent to their data being shared with other companies or used for any other purposes.
The proposal also includes requirements for how soon after a data breach broadband providers are required to tell customers, the FCC and, in some cases, law enforcement agencies. It would also put standards in place to govern what kinds of steps companies must take to protect consumer data.
“Every broadband consumer should have the right to know what information is being collected and how it is used,” FCC Chairman Tom Wheeler said in a Huffington Post article released around the same time as information on the rules.
“Every broadband consumer should have the right to choose how their information bits are should be used and shared. And every consumer should be confident that their information is being securely protected.”
The proposed rules are at least a partial win for advocates who wanted the FCC to assert stronger privacy powers than the Federal Trade Commission, which used to govern privacy for broadband providers.
Industry groups say that the rules should be the same for Internet providers and online services like Google or Facebook that remain under the FTC's purview.
They argue that the FCC should align its rules with the standard used by the FTC, which bars unfair and deceptive practices. This approach, they say, would mean that consumers would be protected in the same way across all aspects of their Internet use, from the provider delivering their traffic to search engines and social networks.
The industry has argued that the FCC should align its rules with the standard used by the FTC, which bars unfair and deceptive practices. This approach, they say, would mean that consumers would be protected in the same way across all aspects of their Internet use, from the provider delivering their traffic to search engines and social networks.
But privacy advocates see an opportunity in the rulemaking to enable the FCC to be, as FTC commissioner Julie Brill put it in a November speech, the “brawnier cop on the privacy beat."
In a letter to Wheeler this month, privacy groups said that Internet service providers “play a leading role in the complex ecosystem of online behavioral advertising and related forms of data-driven, targeted marketing.”
“These companies are showing an increased interest in monetizing the data they collect about their customers, and they are leveraging their position as gatekeepers to the Internet to harness this data in powerful and invasive ways,” they wrote.
A senior FCC official noted Thursday that while customers can abandon a search engine, social network or streaming service quickly if they don't like the way the website treats their data, it is harder to switch Internet service providers.
Meredith Rose, a staff attorney for advocacy group Public Knowledge, said in a statement that while “we acknowledge that the Chairman did not adopt all of the recommendations we made in our research, today’s release and the forthcoming Notice of Proposed Rulemaking represent a substantial step forward for consumer privacy. “
The proposal previewed Thursday is an outgrowth of the controversial net neutrality rules the FCC approved last year.
To get the legal authority needed to implement the rules, the commission changed the way that Internet service providers are classified under the law.
That meant applying new privacy rules required for services fitting that type of classification. But because the rules used in the past weren't easy to apply to Internet service, the commission opted instead to create new ones.
The item introduced on Thursday is only a notice that the rules are in the works. If the commission signs off on the item at its March 31 open meeting, then the public, as well as interest groups on both sides of the issue, will be able to comment on the proposal and a number of related issues before the commission votes on adopting it.