Wheeler officially proposes privacy rules for ISPs

Image: Flickr user jeanbaptisteparis

FCC Chairman Tom Wheeler finalized his proposed privacy rules for internet service providers (ISPs), offering up directives that the Commission will vote on later this month.

And wireless carriers aren’t likely to embrace them.

The proposed rules are aimed at giving consumers choice and control over how their data is used by ISPs, increasing transparency and providing improved security over consumer data. Wheeler argues new regulations are necessary to protect users because ISPs have access to a tremendous amount of information about their customers, from names and location to browsing habits and perhaps even financial data.

“Providers have the ability to see a tremendous amount of their customers’ personal information that passes over that internet connection, including browsing habits,” Wheeler said in a prepared statement. “Consumers deserve the right to decide how that information is used and shared – and (to) protect their privacy and their children’s privacy online.”

Under Wheeler’s proposed order, ISPs would have to notify customers about what types of information they collect, and to specify how, why and with whom that information is shared. Service providers would also be required “opt in” consent from customers before using and sharing sensitive information related to location, health, finances, social security numbers, children, app and browsing usage and personal communications.

Other data would be considered “non-sensitive” and would require only that ISPs allow users to opt out rather than giving explicit permission to use that information.

ISPs also couldn’t refuse to serve customers who don’t consent to the use and sharing of their information for commercial purposes. The rules also address security concerns, calling for ISPs “to take reasonable measures” to protect customer information and to notify customers in a timely fashion when they learn that breaches occur.

Wireless carriers and other ISPs have long lobbied against such rules, arguing that they don’t address “edge providers” such as Facebook and Google, which offer online products and services but don’t provide web access. That gives edge providers an unfair advantage in the all-important online advertising market, CTIA told the FCC earlier this year after Wheeler suggested new rules were necessary for ISPs.

“As CTIA and many other commenters argued, asymmetric regulation that conflicts with customer expectations would be counterproductive,” according to an FCC filing from CTIA in July. “In the event that the Proposed Rules are adopted, many consumers would lack the time or interest to appreciate that ISPs would need to obtain different levels of consent to use or disclose information for routine practices that previously had not required opt-in consent – let alone that withholding consent from an ISP would do nothing to prevent edge providers from using or disclosing that same information without missing a click. The inevitable result of such asymmetry will be confusion and uncertainty, which in turn can lead to customer carelessness, compromising the very privacy values that the Commission purports to protect.”

But FCC officials once again dismissed such arguments, saying that edge providers are simply beyond its purview.

“What we’re doing here is frankly what we’ve done for decades with communications networks, and that’s a duty that congress has given us,” a senior FCC official said. “We don’t really opine on things that are outside of our jurisdiction.”

For more:
- see Chairman Wheeler’s statement

Related articles:
FCC moves forward with privacy rules for ISPs
Moody's: FCC's new privacy rules will hurt AT&T and Verizon's chances to compete with Facebook, Google
AT&T, Verizon argue for ad-supported business models, while FCC mulls new privacy rules