The Federal Communications Commission (FCC) has adopted rules that require broadband Internet Service Providers (ISPs) to protect the privacy of their customers. The rules ensure that broadband customers have meaningful choice, greater transparency, and strong security protections for their personal information collected by ISPs.
This landmark ruling, which was passed by a 3-2 party line vote by the FCC’s five commissioners, asserts that customers have a right to control their own personal information. In short, the new rules may forbid internet providers from sharing sensitive personal information such as app browsing histories, mobile location data, and other information generated while using the internet.
More specifically, the rules separate the use and sharing of information into three categories and include clear guidance for both ISPs and customers about the transparency, choice, and requirements for customers’ personal information.
- Opt-in: ISPs are required to obtain affirmative “opt-in” consent from consumers to use and share sensitive information. The rules specify categories of information that are considered sensitive, which include precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications.
- Opt-out: ISPs would be allowed to use and share non-sensitive information unless a customer “opts-out”. Some examples of non-sensitive information include email address or service tier information.
- Exceptions to consent requirements: Customer consent is inferred for certain things such as the provision of broadband service or billing and collections.