Earlier this month, the U.S. Federal Communications Commission (FCC) proposed new privacy rules to help consumers when subscribing to high-speed Internet services. The rules clarify when Internet Service providers (ISPs) must obtain the consumer's approval. A summary:
"Consent Inherent in Customer Decision to Purchase ISP’s Services: Customer data necessary to provide broadband services and for marketing the type of broadband service purchased by a customer – and for certain other purposes consistent with customer expectations, such as contacting public safety – would require no additional customer consent beyond the creation of the customer-ISP relationship.
Opt-out: Broadband providers would be allowed to use customer data for the purposes of marketing other communications-related services and to share customer data with their affiliates that provide communications-related services for the purposes of marketing such services unless the customer affirmatively opts out.
Opt-in: All other uses and sharing of consumer data would require express, affirmative “opt-in” consent from customers."
Additional rules require ISPs to clearly provide notices, opt-in mechanisms, and opt-out mechanisms:
"Transparency requirements that require ISPs to provide customers with clear, conspicuous and persistent notice about what information they collect, use and share with third parties, and how customers can change their privacy preferences;
Robust and flexible data security requirements for broadband providers that include requirements to adopt risk management practices; institute personnel training practices; implement strong customer authentication requirements; identify a senior manager responsible for data security; and take responsibility for use and protection of customer information when shared with third parties;
Common-sense data breach notification requirements to encourage ISPs to protect the confidentiality of customer data, and to give consumers and law enforcement notice of failures to protect such information."
The Notice of Proposed Rulemaking (NPRM - Adobe format) contains the detailed statements. (The document is also available here.) Privacy is critical, since broadband Internet access is critical to do anything today. In January, 50 consumer and privacy groups urged the FCC to tighten broadband privacy rules for ISPs. In March, the FCC released a broadband privacy Fact Sheet, which stated in part:
"Telephone networks have had clear, enforceable privacy rules for decades, but broadband networks currently do not... An ISP handles all of its customers’ network traffic, which means it has an unobstructed view of all of their unencrypted online activity – the websites they visit, the applications they use. If customers have a mobile device, their provider can track their physical and online activities throughout the day in real time. Even when data is encrypted, broadband providers can still see the websites that a customer visits, how often they visit them, and the amount of time they spend on each website. Using this information, ISPs can piece together enormous amounts of information about their customers – including private information such as a chronic medical condition or financial problems. A consumer’s relationship with her ISP is very different than the one she has with a website or app. Consumers can move instantaneously to a different website, search engine or application. But once they sign up for broadband service, consumers can scarcely avoid the network for which they are paying a monthly fee."
You don't need to look far to find abuses and questionable customer service historically by ISPs. This blog has covered many of those abuses:
- 13,000 Complaints Submitted By Consumers About Comcast's Usage Based Internet Pricing
- Report: Researchers Compare High-Speed Internet Services Worldwide. Consumers In The USA Pay More And Get Slower Speeds
- Customers Sue Internet Service Provider For Failing To Provide Promised Broadband Speeds
- Filing Supports Claims That ISPs Already Throttle And Violate Net Neutrality Rules
- 4 Reasons Why Your Internet Access Is Expensive And Slow... And Could Get A Lot Worse
- Several Internet Service Providers Hijack And Replace Consumers' Search Results
- SIMON Says... DON'T SPY!
- ISPs Begin To Spy And Abuse Consumer Privacy
- Under Pressure From Congress, ISP Admits To Secret Snooping In Kansas
Historically, ISPs have sought increased revenues and viewed targeted (behavioral) advertising as the means. To do this, they partnered with several technology companies (some went out of business after class-action lawsuits) to spy on consumers without notice, without consent, and without providing opt-out mechanisms. Consumers should control their privacy, not ISPs.
These proposed rules seem reasonable and common-sense. Consumers should be able to register for (e.g., opt-in) for additional desired programs and unsubscribe (e.g., opt-out) of undesired programs offered by their ISP.
Like any newly proposed rules, there is a comment period where the FCC seeks feedback from both consumers and companies. (A democracy requires participation.) If you like, or dislike, or want the proposed rules modified, then tell the FCC and explain why. The deadline for submitting feedback is May 27, 2016. Submit feedback online at the FCC website. The site lists several open proceedings for comments, so use Docket Number 16-106: "Protecting the Privacy of Customers of Broadband and Other Telecommunications Services."