In an October 6, 2016, blog post and accompanying fact sheet, FCC Chairman Tom Wheeler outlined his proposal for new privacy rules governing Internet Service Providers (ISPs) to be considered by the full Commission during its upcoming monthly meeting on October 27. Chairman Wheeler’s post detailed the scope of the issue – ISPs are collecting information based on millions of customers’ online activity and there are currently no rules in place governing how ISPs are permitted to use and share its customers’ personal information.
The result of a 6-month process and consideration of thousands of public comments from consumer groups, ISPs, developers, government actors and others, the proposed rules contain the following important provisions:
- ISPs are required to obtain affirmative “opt-in” consent before using or sharing sensitive information. “Sensitive” information is described broadly to include geo-location information, children’s information, health and financial information, social security numbers, content of communications (i.e., text of email messages) and, importantly, web browsing and application usage history.
- For other “non-sensitive” information collected by ISPs, ISPs must provide “opt-out” measures for customers.
- ISPs will be prohibited from providing “take it or leave it” offers where customers can be refused service if they decline to opt-in for the sharing of their information for commercial purposes.
- “Pay for privacy” provisions, whereby ISPs offer favorable rates to customers that “opt-in” for the sharing of their information for commercial purposes, are not prohibited. However, these pay structures will be subject to heightened disclosure requirements and will be scrutinized by the FCC on a case-by-case basis.
While the proposed regulations are less aggressive than an earlier proposal released by the FCC in March, industry groups are already pushing back – particularly with respect to the inclusion of web browsing and app usage history in the definition of “sensitive data.” Advertising trade groups have warned that customers will be deluged with opt-in requests, negatively impacting the user experience. Despite these concerns, most expect the proposed rules to be approved by the Democratic majority of the full Commission by a 3-2 vote.