FCC To Consider Rules That Would Make ISPs Get Permission To Share Your Personal Info

Image courtesy of FCC chairman Tom Wheeler speaking in 2014. (FCC)

There’s a reason they call this century the information age: everything is data, data, data. And today, the FCC announced a proposal that would regulate how ISPs — over which all that data flows — have to get your permission to collect and share all that juicy, valuable information.

FCC chairman Tom Wheeler announced the proposal in a blog posting on the Huffington Post today. As the fact sheet explains (PDF), the proposal isn’t so much about what ISPs can do, as what they have to tell you.

The three core principles of the proposal are choice, transparency, and security. In other words: ISPs have to let you opt-in or opt-out of certain kinds of data collection; they have to tell you what the data they’re collecting is and what they do with it; and any data they do collect, they have to protect.

The first bucket is data that you inherently give consent to have used just by signing up for service. In other words, the job of an ISP is to move your data around and by having the wires (or wireless network) in your house and connecting to them, you’re automatically consenting to some use. Data like your home address and e-mail address, for example, are necessary to billing you for service. Using a lot of bandwidth? Your ISP is automatically allowed to use that information to market a higher service tier to you.

The second bucket is data that you can opt-out of having used. In this case, the default would be for ISPs to both collect and share this data unless you tell them otherwise. That category contains most of the “standard” marketing data: ISPs would be able to offer you other communications-related services, and trade (sell) your data to third parties to offer communications-related services, unless you explicitly say they can’t. The example the FCC gives is that Verizon could send marketing materials about Verizon Wireless to a customer who receives FiOS service without first seeking permission.

The third bucket, though, is where consumers have to give the go-ahead. This data sharing requires an explicit opt-IN before ISPs can do it. And it’s broadly defined as “everything that isn’t explicitly in categories one and/or two.”

As FCC officials stressed repeatedly in a press call, this proposal is so far just that: a proposal. If (when) the Commission votes to adopt the NPRM, it will kick off a public comment process in which interested parties can leave their two cents about how, exactly, all these things should work. As a result, details are still hazy — in large part because they haven’t been hashed out yet.

When reporters asked, for example, about AT&T charging higher rates for consumers who opt-out of data collection, or about what information ISPs will be required to provide consumers about what happens if they do opt-out, FCC officials responded that those matters will be open for comment after the NPRM is adopted.

The FCC officials also acknowledged that aggregate data is as much of a challenge as individual, personalized data when it comes to consumer privacy. They acknowledged that research has found anonymous data usually isn’t, and said the proposal seeks comment on what standards the FCC should use to regulate the use of de-identified data going forward.

“Every broadband consumer should have the right to know what information is being collected and how it is used. Every broadband consumer should have the right to choose how their information bits are should be used and shared. And every consumer should be confident that their information is being securely protected,” Wheeler said in his post.

” You have a right to know what information is being collected about you and how that information is being used. That’s why establishing baseline privacy standards for ISPs is a common sense idea whose time has come. The bottom line is that it’s your data. How it’s used and shared should be your choice.”

Some consumer advocates also applauded the motion. “By initiating this rulemaking, the FCC is taking the first step toward fulfilling its responsibility under Title II to protect the privacy of all telecommunications customers — including broadband Internet users. Chairman Wheeler and the other commissioners must establish the agency as a strong defender of online privacy,” Free Press Policy Counsel Gaurav Laroia said in a statement.

The FCC will vote on this measure, along with Lifeline modernization, in their March 31 open meeting.

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.