The Federal Communications Commission (FCC) voted along party lines Thursday to formally consider rules governing how customers can control the way their Internet service provider (ISP) uses their personal data.
If approved, the rules would require consumers to explicitly permit the companies to use or share much of their information.
There are exceptions. Providers would be allowed to use data needed to deliver the service that customers are paying for without additional permission from a customer. They could also advertise products to users that are similar to what they already receive. And ISPs can assume they have consent to use data for “certain other purposes consistent with customer expectations, such as contacting public safety,” according to the commission.
Customers would have to opt out of having their information used by their ISPs to market other related services to them. FCC officials have offered the example of Verizon being allowed to market wireless service to its Internet customers unless the customers explicitly tell the company it can not.
But in all other cases, the proposal says, consumers would have to give their permission for their data to be used or shared with another party.
The rules also include stipulations for how soon after a data breach companies must notify the authorities and customers, as well as other requirements related to transparency and information security.
FCC Chairman Tom Wheeler has argued that ISPs need new regulations for the data they collect about their customers.
“[W]e’ve heard a lot of assertions, allegations and alarms up here recently,” Wheeler said at the FCC’s open meeting Thursday. “But there is one indisputable fact, and that is that it’s the consumers’ information and the consumer should have the right to say whether it is used for non-network purposes."
Privacy advocates say the information held by Internet providers can give a window into some very personal areas of their users’ lives, such as banking and healthcare.
“This is a treasure trove of information that is not only very personal to me, but is also very valuable to marketers and retailers,” said Mignon Clyburn, one of the commission’s Democrats.
The draft provisions, more than a year in the making, are the result of the rules the commission approved last February to protect net neutrality — the idea that all content on the Web should be treated in the same way.
To justify the rules, the commission changed the way it classifies broadband service under the law. The FCC is required under the new classification to police ISPs' privacy practices.
Privacy and public interest groups have supported Wheeler’s proposal. But the broadband industry says the commission should create rules that are more in line with those used by the Federal Trade Commission when it regulated Internet service providers.
That standard, which targets “unfair or deceptive” practices and actions, remains in use at the FTC for many other industries. That includes companies such as Facebook, which deliver content over the Internet but do not control the infrastructure.
Industry groups say consumers could be confused by having two different regulatory regimes applied to companies within the very broad Internet space, a concern that was echoed by Republican Commissioner Ajit Pai at Thursday’s meeting.
“It makes little sense to give some companies greater leeway under the law than others when they all have access to the same personal data,” he said, alleging the draft “favors one set of corporate interests over another."
Wheeler’s proposal is now open to comment from the public, as well as advocacy groups looking to shape it. A final vote is necessary to make the rules binding.