As we previewed last week, the Federal Communications Commission (FCC) has adopted new privacy rules that govern Internet service providers’ (ISPs) handling of broadband customer information. Though the Wireline Competition Bureau stated that it expects it will be at least several days before the final Order is released to the public, the FCC released a fact sheet describing the rules as adopted.
These rules are the culmination of a process that began in 2015 with the reclassification of Broadband Internet Access Service (BIAS) as a common carrier telecommunications service regulated under Title II of the Communications Act. As a consequence of reclassification, the obligations established under the privacy framework adopted by the Federal Trade Commission (FTC) no longer applied to ISPs due to the common carrier exception in Section 5 of the FTC Act. Accordingly, the FCC determined that the privacy protections governing telephone customer proprietary network information (CPNI) set forth in Section 222 of the Communications Act would now apply to ISPs’ provision of BIAS.
On April 1, 2016, the Commission released a Notice of Proposed Rulemaking setting forth proposed privacy and data security rules that would govern ISPs’ provision of BIAS. The rules originally proposed by the FCC would have subjected ISPs to significantly greater constraints on their ability to use customer data for advertising, marketing, and offering customized services and features than the FTC’s privacy framework, which continues to apply to websites, apps, and all other entities in the Internet ecosystem other than ISPs. For example, while the FTC framework applies differing choice mechanisms (i.e., opt-in, opt-out, or implied consent) depending on the sensitivity of the data being collected and the context of its use, the FCC initially proposed to apply a default opt-in regime to virtually all data – rejecting any distinctions based on data sensitivity.
In response to comments from the FTC and others in the proceeding, the final rules adopted by the FCC align more closely with the FTC framework, though some important differences remain. Continue reading for key elements of the proposed rules. Continue Reading What You Need to Know about the New Broadband Privacy Regulations