FCC demands carriers protect customer privacy in declaratory ruling
Privacy has been a hot-button topic of late, no more so than in the area of telecommunications. Perhaps as a response to these concerns, the FCC voted today for a Declaratory Ruling that all carriers must safeguard the private data in their customers' mobile devices. This data is known as customer proprietary network information (CPNI) and consists of metadata like phone numbers, call duration, call locations and call logs. Providers are supposed to protect such data already, but until today that only applied to the network -- now phones are covered under it as well. Carriers are still allowed to collect the information for network support purposes, but all precautions must be met so it's not compromised. It appears that third-party apps and services aren't covered under the ruling, and there aren't any strict regulations on how the CPNI may be gathered or protected. Still, the FCC made it clear that if any of the data is exposed, the carriers would have some serious 'splainin to do. To learn more about the ruling, check out the press release after the break.
Show full PR text
FCC ACTS TO PROTECT PRIVATE CONSUMER INFORMATION ON WIRELESS DEVICES
Washington, D.C. – The Commission today took action to protect the privacy of consumers of wireless services by clarifying its customer proprietary network information (CPNI) policies in response to changes in technology and market practices in recent years. Today's Declaratory Ruling rests on a simple and fundamentally fair principle: when a telecommunications carrier collects CPNI using its control of its customers' mobile devices, and the carrier or its designee has access to or control over the information, the carrier is responsible for safeguarding that information.
Specifically, the Declaratory Ruling makes clear that when mobile carriers use their control of customers' devices to collect information about customers' use of the network, including using preinstalled apps, and the carrier or its designee has access to or control over the information, carriers are required to protect that information in the same way they are required to protect CPNI on the network. This sensitive information can include phone numbers that a customer has called and received calls from, the durations of calls, and the phone's location at the beginning and end of each call.
Carriers are allowed to collect this information and to use it to improve their networks and for customer support. Carriers' collection of this information can benefit consumers by enabling a carrier to detect a weak signal, a dropped call, or trouble with particular phone models. But if carriers collect CPNI in this manner, today's ruling makes clear that they must protect it.
The Declaratory Ruling does not impose any requirements on non-carrier, third-party developers of applications that consumers may install on their own. The ruling also does not adopt or propose any new rules regarding how carriers may use CPNI or how they must protect it.
The Commission can take enforcement action in the event that a failure to take reasonable precautions causes a compromise of CPNI on a device. This clarification avoids what would otherwise be an important gap in privacy protections for consumers.
Today's action is the latest by the FCC to protect consumer privacy as part of the agency's mission to serve the public interest. By taking action in this area, the Commission reaffirms that it is looking out for consumers in the telecommunications market.
Action by the Commission June 27, 2013, by Declaratory Ruling (FCC 13-89). Acting Chairwoman Clyburn and Commissioner Rosenworcel with Commissioner Pai approving in part/concurring in part. Acting Chairwoman Clyburn, Commissioners Rosenworcel and Pai issuing statements.
