FCC Privacy Proposal Troubles Broadband Internet Providers

Print Version
Share to a friend

Broadband Internet service providers are wary of a government plan to impose consumer privacy

protection regulations on the sector.


The Federal Communications Commission likely will issue the proposed regulations by Friday. It will

accept public comment on the proposal before taking final action.


The program would require ISPs to meet consumer privacy protection standards similar to the

regulations that cover telephone service companies. ISPs currently are exempt from such requirements.


“The information collected by the phone company about your telephone usage has long been protected

information. FCC regulations currently limit your phone company’s ability to repurpose and resell what

it learns about your phone activity without your consent. The same should be true for information

collected by your ISP,” FCC chairman Tom Wheeler said at a recent Georgetown University conference.


While consumers generally are aware that social media and website hosts collect a wealth of personal

data from users and visitors, few are aware that the vehicle for such contacts — the ISPs — also track

personal information, he said.


FCC Reveals Ability to Collect Consumer Data


“Your ISP handles all of your network traffic. That means it has a broad view of all of your unencrypted

online activity — when you are online, the websites you visit, and the apps you use,” Wheeler said.


“If you have a mobile device, your provider can track your physical location. Even when data is

encrypted, your broadband provider can piece together significant amounts of information about you —

including private information such as a chronic medical condition or financial problems — based on your

online activity,” he added.


The regulations would address the use and protection of consumer data generated through ISP

operations, according to a draft of the proposal.


Privacy: ISPs would retain the authority to use customer data for billing and marketing their own

broadband services. However, the proposed rules “mandate that customers be given a choice as to

whether an ISP can use customer data for other purposes,” according to a summary of the draft

compiled by Dee Dee Fischer, a partner at Akerman.


For example, customers will have the right to opt out of permitting ISPs to use their data for marketing

services other than broadband, or sharing data for marketing purposes with affiliates that provide

communication services. Additionally, ISPs would be prohibited from sharing customer data for any

other purpose, such as targeted advertising, unless the customer opts in, according to the summary.


Security: The FCC program will impose “robust and flexible data security requirements” on broadband

providers, Fischer noted. ISPs will be required to take reasonable steps to safeguard customer

information from unauthorized use or disclosure, including adoption of risk management practices,

training of personnel, and use of customer authentication measures. ISPs must designate a senior

manager for data security and take responsibility for the use and protection of customer information

when shared with third parties. Breaches would have to be reported to consumers and the government

within certain time frames.


“These new rules, if passed into law, will represent the first time that the FCC has imposed data privacy

rules on ISPs, and would constitute some of the strongest privacy regulations of any segment of the

technology and telecommunications industry,” Fischer said.


The regulations would affect a wide range of broadband companies, including AT&T, Comcast, Cox

Communications, Time Warner Cable and Verizon.


Operators Challenge FCC Authority


Permanent adoption of the FCC proposal could face significant legal hurdles, however. A key factor is

whether the commission has the legal authority to regulate ISPs at all.


In 2015, it decided to classify ISPs as telecommunications entities subject to the same type of regulation

as telephone utilities. That empowered the commission to issue the proposed privacy regulations for



Broadband operators challenged the decision in a case pending before the U.S. Court of Appeals for the

District of Colombia. They contend that under the Telecommunications Act, ISPs are information

services and as such cannot be regulated in the same fashion as telecommunications providers.


The technology and engineering associated with ISP connections is inherently different from the direct

service to consumers provided by regulated telephone utilities, the ISPs argue. The FCC’s jurisdiction

extends only to telephone utility data defined by law as consumer proprietary network information and

does not cover the tiered ISP structure enabled by router-based connectivity.


ISPs Favor Flexible Regulation


Even if the FCC prevails and retains regulatory jurisdiction over ISPs, members of the broadband

community have taken issue with its approach to regulating ISPs.


The rules for ISPs are at odds with the requirements for other online entities, according to the National

Cable & Telecommunications Association. The FCC should work to ensure consistency in consumer

privacy protection and fair competition.


The commission should embrace the approach taken by the Federal Trade Commission, which protects

consumers while allowing IT providers flexibility in meeting privacy goals, CTIA urged. The FTC focuses

on potentially deceptive activities by e-commerce providers in failing to inform consumers of privacy

impacts, as well as prosecuting unfair practices in the delivery of services.


“There should be one set of rules that cover wireless operators, apps and over-the-top providers so that

consumers know what, if anything, is happening to their information, regardless of which company

holds it,” said Debbie Matties, vice president for privacy at CTIA.


“If the FCC does have jurisdiction over this issue, it should follow the FTC model that has resulted in

innovation throughout the Internet while protecting consumers. Establishing a different set of rules for a

limited subset of the industry will only confuse customers,” she told the E-Commerce Times.


Consumer advocates strongly endorse the proposal.


“The FCC is not just legally authorized to take action — it is imperative for the agency to issue a broad

rule-making that addresses the full range of communications privacy issues facing U.S. consumers,” said

Claire Gartland, consumer protection counsel at the Electronic Privacy Information Center.


“Because the U.S. currently lacks comprehensive privacy legislation or an agency dedicated to privacy

protection, there are very few legal constraints on business practices that impact the privacy of American

consumers. The FCC has the opportunity to fill this void,” she told the E-Commerce Times.


Groups Cite FCC Powers


Unlike the FCC, the FTC does not have rule-making authority to issue regulations on e-commerce,

except in limited circumstances, Gartland noted.


“Fundamentally, the FTC is not a data protection agency. Without regulatory authority, the FTC is

limited to reactive, after-the-fact enforcement actions that largely focus on whether companies honored

their own privacy promises,” she said.


“Broadband Internet access system providers act as critical gatekeepers in the broadband ecosystem,

and their data collection is detailed and captures much of a consumer’s online activity. Therefore, the

FCC’s proposed actions are important, and it is good to see the FCC seize this rare and important

opportunity to protect the privacy of broadband consumers,” said Katharina Kopp, director of privacy

and data at the Center for Democracy and Technology.


“CDT believes that promoting innovation is not incompatible with protecting the fundamental right to

privacy,” she told the E-Commerce Times. “Giving individuals the opportunity to affirmatively consent

to uses of their broadband data for purposes unrelated to providing communications services is fair and

will give them some much needed control. This will build trust in the process, in the economic

marketplace and in further innovation.”


Source: http://www.technewsworld.com/story/83290.html