On March 10, 2016, the Federal Communications Commission (FCC) Chairman Tom Wheeler circulated a Notice of Proposed Rulemaking (NPRM) regulating how broadband Internet service providers can use and share customer data. According to a Fact sheet that the FCC released and that summarizes the NPRM, the proposed rules deal specifically with consent to use/sharing of data, breach notification requirements, and standards of protection of customer data.
First, use and share of customer data require explicit consent. Companies can use/share customers’ data without explicit consent only in three cases: 1) when use is required for the delivery of the service; 2) when use is to market other broadband packages to customers; 3) when use is done by affiliated companies to market other types of communication services (but customers’ opt out is possible for this case).
If approved, the rules will be a major step because today broadband Internet service companies collect customer data, use and share it without consent for any purpose including targeted advertising.
Second, the draft privacy rules also deal with notification requirements to customers, FTC, and law enforcement agencies, in case of data breach.
Third, the proposal contain standards that companies must implement to protect consumer data.
The vote on the proposal is expected on March 31, 2016. After the vote, the FCC will open a period of public comment.
Note that these new rules would not apply only to broadband Internet service companies and not for example to tech giants like Twitter, Google or Facebook (see here)
Read here the Broadband Consumer Privacy Proposal Fact Sheet.
For more information, Francesca Giannoni-Crystal.