The Federal Communications Commission will vote in less than two weeks on whether to consider proposed new privacy rules for broadband providers like Comcast or Time Warner Cable.
The unveiling of the proposal earlier this month marked the start of an unofficial media tour by Chairman Tom Wheeler to sell the draft rules to the public. Meanwhile, industry groups are doing everything they can to keep harsh regulations at bay.
If the rules come to fruition, they would create a massive change in the way privacy is policed at broadband providers.
Here’s what you need to know about the proposal that could, within a year, be coming to an Internet service provider near you.
What’s in the proposal?
It’s worth noting that the public and the media haven't seen the full text of the privacy rules yet. That won’t come until after the commission formally votes on them. But, earlier this month, Wheeler’s office released a fact sheet detailing the basics of the proposal.
The centerpiece is new requirements giving customers more control over their personal data. In many cases, customers would have to explicitly give permission for their data to be used or shared with others.
There are two exceptions: Internet providers would have an inherent right, once a customer signs up for a product, to use the data to provide the services purchased. That means that a provider wouldn’t need permission to use personal data when delivering an email or streaming video.
The providers can also use personal data to market services similar to what a person already receives. That could include, for example, Verizon marketing its wireless service to one of its broadband customers, according to an FCC official. In those cases, a customer would have to explicitly opt-out of having their data used.
The rules also include requirements for how soon after a data breach Internet providers would have to notify their customers, the commission and, in certain cases, law enforcement agencies. They would also have to “take reasonable steps to safeguard customer information from unauthorized use or disclosure.”
Why is this happening now?
Two words: net neutrality.
Last year, the FCC approved new rules meant to safeguard net neutrality — the idea that all content on the Web should be treated in the same way. They banned broadband providers from slowing the delivery of certain data, blocking it outright or speeding it up if a service paid them to do so.
To make that happen, the agency changed the way ISPs are treated under the law. Instead of using the rules they already had for privacy, which had been applied primarily to phone services, Wheeler decided to craft new ones for broadband providers.
What do the Internet providers think about it?
Industry group say they want rules that align with the standards used by the Federal Trade Commission (FTC) to govern privacy at companies in a wide range of industries. That agency punishes companies that engage in “unfair and deceptive” practices.
“By adopting these principles, the Commission would establish a regime that protects consumer privacy and security while also providing flexibility for providers to implement and update their practices as consumer expectations and technologies evolve,” industry trade groups said when they sent Wheeler a potential framework for privacy protections this month.
Industry representatives argue that it makes little sense for the FTC to govern privacy at companies like Google and Facebook while the FCC exerts different powers over the Internet service providers. That, they say, could lead to a confusing landscape for customers who are not used to delineating between the companies that provide content on the Internet and the companies whose infrastructure they use to access it.
How have privacy advocates responded?
Privacy advocates are happy that the FCC is asserting powers over Internet service providers because it has powers to compel companies to act that the FTC does not.
Even one of the FTC’s commissioners, Julie Brill, has said that the net neutrality order “makes the FCC a brawnier cop on the privacy beat, and I welcome its enhanced presence on the scene.”
What isn’t covered under the rules?
The FCC has been firm in its insistence that the rules will not apply to companies like Google or Facebook that exist at the “edge” of the network. The privacy requirements will apply only to the Internet providers.
Several things need to occur before the rules become a reality.
The FCC’s commissioners will take the first step at an open meeting on March 31. If the process of creating the regulations is approved, as is expected, the proposal will be opened up for comments.
Then, after all the comments are in, the commissioners will take one more vote — this time on a final version of the proposal.