The Federal Communications Commission hopes to strengthen rules around online privacy. The commission is circulating a proposal today that would require internet service providers — like Comcast, Verizon, and AT&T — to get your permission before sharing information about you with many outside parties
Under the proposal, internet providers will still be able to use your information to market their own services to you. They'll also be able to share your information with "affiliates" that want to advertise other "communications-related services," however you'd be given the ability to opt out. To share your information with anyone else, internet providers will need explicit permission. "When consumers sign up for internet service, they shouldn’t have to sign away their right to privacy," the commission writes.
Internet providers would have to 'take reasonable steps' to secure your data
The FCC's concern lies in how much information your internet provider knows about you. Your ISP "has a broad view of all of your unencrypted online activity — when you are online, the websites you visit, and the apps you use," FCC chairman Tom Wheeler writes in an op-ed published in The Huffington Post. That could allow an internet provider to know far more about its customers than many would like; and because that information is often later shared with ad networks, it can persist across many companies.
In addition to limiting what internet providers can do with your information, Wheeler wants to require that internet providers keep your information secure. Under the proposal, internet providers would be required to "take reasonable steps" to secure your information. Internet providers would also be required to disclose security breaches. The FCC would have to be told within a week, and affected customers would have to be notified within 10 days. If it's a large breach, impacting more than 5,000 customers, the FBI and US Secret Service would have to be notified within a week as well.
These rules would only apply to internet providers — the FCC isn't regulating how Facebook or Google handle your information, for example (the Federal Trade Commission has the authority in those cases). But as Wheeler notes in his op-ed, limiting what internet providers can do with your information is a critical first step toward online privacy. As we've seen with situations like Verizon's use of "supercookies," this highly personal information is already being used as an advertising tool. Many people would likely prefer that information stay as private as possible. Now that the FCC is regulating internet providers under Title II, it's able to make rules like these to protect consumer data.
The FCC will vote on this proposal at its March 31st meeting, where it'll likely be approved. At that point, a comment period will open wherein the commission will ask the public and businesses for their thoughts on the proposed guidelines. That's also how the commission will nail down this proposal's specifics. One important open question: what exactly is a "communications-related service?" A senior FCC official said it could mean "voice, broadband, and cable" — services regulated by the FCC — but the official also said the commenting period will be used to determine whether it's something broader. Whether internet providers can charge you extra for opting out is another key question, too. Following several months of comments, the commission will shape its final rules, which will also have to be voted on and approved.