Protecting Privacy for Broadband Consumers

Earlier in 2016, the Federal Communications Commission launched a proceeding aiming to extend similar privacy protections to the information collected by your broadband provider. Our goal throughout the process has been straightforward: to give consumers the tools they need to make informed decisions about how ISPs use and share their data, and the confidence that ISPs are taking steps to keep that data secure, all while providing ISPs the flexibility they need to continue to innovate.

Over the past six months, we’ve engaged with consumer and public interest groups, fixed and mobile ISPs, advertisers, app and software developers, academics, other government actors including the FTC, and individual consumers to figure out the best approach. Based on the extensive feedback we’ve received, I am proposing new rules to provide consumers increased choice, transparency and security online. I have shared this proposal with my colleagues and the full Commission will consider these proposed privacy rules at our upcoming monthly meeting on October 27.

Under the proposed rules, an ISP would be required to notify consumers about what types of information they are collecting, specify how and for what purposes that information can be used and shared, and identify the types of entities with which the ISP shares the information. In addition, ISPs would be required to obtain affirmative “opt-in” consent before using or sharing sensitive information. Information that would be considered “sensitive” includes geo-location information, children’s information, health information, financial information, social security numbers, web browsing history, app usage history, and the content of communications such as the text of emails. All other individually identifiable information would be considered non-sensitive, and the use and sharing of that information would be subject to opt-out consent. Calibrating consent requirements to the sensitivity of the information aligns with consumer expectations and is in harmony with other key privacy frameworks and principles – including those outlined by the FTC and the Administration’s Consumer Privacy Bill of Rights. The proposed rules are designed to evolve with changing technologies, and would provide consumers with ways to easily adjust their privacy preferences over time.

The proposed rules also require ISPs to take reasonable measures to protect consumer data from breaches and other vulnerabilities. If a breach does occur, the rules would require ISPs to take appropriate steps to notify consumers that their data have been compromised.


Protecting Privacy for Broadband Consumers