FCC Chair proposes new data privacy rules for consumers
The FCC would govern user privacy with ISPs the same way it does with phone companies.
Federal Communications Commission chairman Tom Wheeler made his case for an ambitious plan to better defend consumer data privacy on Wednesday. His proposal would effectively govern how ISPs can leverage user data for marketing and advertising purposes in the same way that that the FCC already regulates data collected by your phone company.
"Think about it. Your ISP handles all of your network traffic," Wheeler wrote in a Huffington Post op-ed. "That means it has a broad view of all of your unencrypted online activity -- when you are online, the websites you visit, and the apps you use."
Basically, since your ISP has access to every piece of unencrypted data you send along its network, it can build an incredibly detailed dossier of your online life. And, up until now, the ISP could use that information anyway it saw fit. Wheeler wants that to change.
"The information collected by the phone company about your telephone usage has long been protected information," he continued. "Regulations of the Federal Communications Commission (FCC) limit your phone company's ability to repurpose and resell what it learns about your phone activity. The same should be true for information collected by your ISP."
To that end, Wheeler has put forth a plan that would "empower consumers to ensure they have control over how their information is used by their Internet Service Provider." In broad strokes, it would demand more transparency from ISPs on what information is being collected, give consumers the right to have meaningful control over that information, make it the ISP's "duty" to secure and protect your data for the duration that it is on the ISP's network.
In terms of user control, Wheeler proposes a three-tiered approach. The basic marketing of services would remain unchanged. "For example, your data can be used to bill you for telecommunications services and ensure your email arrives at its destination, and a broadband provider may use the fact that a consumer is streaming a lot of data to suggest the customer may want to upgrade to another speed tier of service," Wheeler wrote. However, any data used for affiliate marketing or otherwise shared would require an active opt-out from the user and all other forms of marketing would need the user to explicitly opt in.
As for ensuring data security, Wheeler's proposal would only require ISPs to take "reasonable steps"to defend user data from snooping. There's actually a lot less wiggle room for ISPs in that directive than you'd expect. "At a minimum," Wheeler wrote, "it would require broadband providers to adopt risk management practices; institute personnel training practices; adopt strong customer authentication requirements; to identify a senior manager responsible for data security; and take responsibility for use and protection of customer information when shared with third parties."
Take note that this proposal only applies Internet Service Providers. Websites like Facebook or Twitter would be exempt from these rule changes -- namely because their operations are regulated by the Federal Trade Commission. The FCC will vote on Wheeler's proposition on March 31, after a period of public comment from the American people.
