On Oct. 27, 2016, the FCC (News - Alert) adopted new rules that will require broadband Internet service providers to protect the privacy of their customers. They are intended to provide consumers more control over the use of their personal information by establishing a framework of customer consent required for ISPs to use and share their customers’ personal information. The rules separate the use and sharing of information into several categories of user consent based on the sensitivity of the information.
In addition, the rules include new transparency requirements that require ISPs to provide customers with clear, conspicuous, and persistent notice about the information they collect, how it may be used and with whom it may be shared, as well as how customers can change their privacy preferences. They also establish a requirement that broadband providers engage in reasonable data security practices and provide guidelines on steps ISPs should consider taking, such as implementing relevant industry best practices, providing appropriate oversight of security practices, implementing robust customer authentication tools, and proper disposal of data consistent with FTC (News - Alert) best practices and the Consumer Privacy Bill of Rights. Data breach notification requirements are also included as a means to encourage ISPs to protect the confidentiality of customer data, and to give consumers and law enforcement notice of failures to protect such information.
The rules cover broadband service providers and other telecommunications carriers, but do not apply to the privacy practices of websites and other “edge services” over which the FTC has authority. However, it is unclear how these rules will ultimately be implemented and enforced given the forthcoming shift in the Executive Branch to a Republican administration, which has generally been hostile toward such regulations in the past.
Edited by Alicia Young