Internet Companies Reaffirm Consumer Privacy Principles As FCC Reviews Flawed Wheeler Era Broadband Rules

Trade associations representing virtually all of the leading US internet service providers (ISPs) filed a petition asking the Federal Communications Commission to stay broadband privacy rules recently adopted by the FCC, while at the same time releasing detailed and comprehensive principles reiterating ISPs’ commitment to protecting their customers’ privacy online. The stay filed by CTIA, NCTA – The Internet & Television Association, USTelecom, ACA, CTA, CCA, ITTA, NTCA – The Rural Broadband Association, WISPA, and WTA asks the FCC to halt privacy rules while it resolves multiple pending motions for their reconsideration. If granted, the combination of the ISPs’ privacy principles and applicable laws would protect consumers’ privacy without subjecting them to flawed and confusing regulations that would undermine the safe and consistent treatment of their data online.

The ISP privacy principles are:

• Transparency. ISPs will continue to provide their broadband customers with a clear, comprehensible, accurate, and continuously-available privacy notice that describes the customer information we collect, how we will use that information, and when we will share that information with third parties.
• Consumer Choice. ISPs will continue to give broadband customers easy-to-understand privacy choices based on the sensitivity of their personal data and how it will be used or disclosed, consistent with the FTC’s privacy framework. In particular, ISPs will continue to: (i) follow the FTC’s guidance regarding opt-in consent for the use and sharing of sensitive information as defined by the FTC; (ii) offer an opt-out choice to use non-sensitive customer information for personalized third-party marketing; and (iii) rely on implied consent to use customer information in activities like service fulfillment and support, fraud prevention, market research, product development, network management and security, compliance with law, and first-party marketing. This is the same flexible choice approach used across the Internet ecosystem and is very familiar to consumers.
• Data Security. ISPs will continue to take reasonable measures to protect customer information we collect from unauthorized use, disclosure, or access. Consistent with the FTC’s framework, precedent, and guidance, these measures will take into account the nature and scope of the ISP’s activities, the sensitivity of the data, the size of the ISP, and technical feasibility.
• Data Breach Notifications. ISPs will continue to notify consumers of data breaches as appropriate, including complying with all applicable state data breach laws, which contain robust requirements to notify affected customers, regulators, law enforcement, and others, without unreasonable delay, when an unauthorized person acquires the customers’ sensitive personal information as defined in these laws.