We’ve all been waiting, and here it is: The FCC revealed a proposal today that could put a drastic check on ISPs’ abilities to share customers’ online activities with advertisers without permission from users.
Calling out people’s tendency to scroll down and click “yes” without reading the small print, the Commission asks: “Do consumers know what they are agreeing to when they sign up for Internet service?”
So, let the games begin, and may the odds be ever in your favor — no matter which side you stand.
The FCC says it is concerned that since an ISP handles all of its customers’ network traffic, it has an “unobstructed view of all of their unencrypted online activity.” It adds that if customers have a mobile device, a provider can track their physical and online activities in real time.
Beyond that, the Commission is worried that “even when data is encrypted, broadband providers can still see the websites that a customer visits, how often and the amount of time they spend on each site.” The FCC fact sheet concludes that means that ISPs can piece together a lot of data about customers – including private information such as a medical data or financial problems.
Consumers’ relationship with their ISPs are unique, the FCC states, and different than they might have with websites or apps. They can move instantaneously to a different website, search engine or application, “but once they sign up for broadband service, consumers can scarcely avoid the network for which they are paying a monthly fee,” the fact sheet says.
FCC Chairman Tom Wheeler’s proposal to protect consumer privacy is reportedly built on three things – choice, transparency and security.
First, broadband providers would be allowed to use customer data to market other communications-related services and share customer data with their affiliates that provide such services unless the customer opts out.
Beyond that, all other uses and sharing of consumer data would require express, affirmative “opt-in” consent.
Data security would require broadband providers to take what the Commission calls “reasonable steps to safeguard customer information from unauthorized use or disclosure.”
In the case of data breaches, the proposal includes specific notification requirements. Consumers would have to be told no later than 10 days after discovery, and the FCC would need notification no later than seven days after. Breaches affecting more than 5,000 customers would require a report to the FBI and the Secret Service no later than seven days after discovery.
“The Chairman’s proposal does not prohibit ISPs from using or sharing customer data, for any purpose,” the Commission reports. “It simply proposes that consumers have choices – either to opt out in some instances or to require that the ISP first obtain customers’ permission before using and sharing the customer’s data in others.”
The fact sheet concludes that while Wheeler’s proposal sets forth “a clear path forward towards final rules,” the NPRM also seeks comment on additional or alternative paths to achieve pro-consumer, pro-privacy goals.
Filed Under: Industry regulations