Federal Communications Commission chairman Tom Wheeler made his case for an ambitious plan to better defend consumer data privacy on Wednesday. His proposal would effectively govern how ISPs can leverage user data for marketing and advertising purposes in the same way that that the FCC already regulates data collected by your phone company.
"Think about it. Your ISP handles all of your network traffic," Wheeler wrote in a Huffington Post op-ed. "That means it has a broad view of all of your unencrypted online activity -- when you are online, the websites you visit, and the apps you use."
Basically, since your ISP has access to every piece of unencrypted data you send along its network, it can build an incredibly detailed dossier of your online life. And, up until now, the ISP could use that information anyway it saw fit. Wheeler wants that to change.
"The information collected by the phone company about your telephone usage has long been protected information," he continued. "Regulations of the Federal Communications Commission (FCC) limit your phone company's ability to repurpose and resell what it learns about your phone activity. The same should be true for information collected by your ISP."
To that end, Wheeler has put forth a plan that would "empower consumers to ensure they have control over how their information is used by their Internet Service Provider." In broad strokes, it would demand more transparency from ISPs on what information is being collected, give consumers the right to have meaningful control over that information, make it the ISP's "duty" to secure and protect your data for the duration that it is on the ISP's network.
As for ensuring data security, Wheeler's proposal would only require ISPs to take "reasonable steps"to defend user data from snooping. There's actually a lot less wiggle room for ISPs in that directive than you'd expect. "At a minimum," Wheeler wrote, "it would require broadband providers to adopt risk management practices; institute personnel training practices; adopt strong customer authentication requirements; to identify a senior manager responsible for data security; and take responsibility for use and protection of customer information when shared with third parties."
Take note that this proposal only applies Internet Service Providers. Websites like Facebook or Twitter would be exempt from these rule changes -- namely because their operations are regulated by the Federal Trade Commission. The FCC will vote on Wheeler's proposition on March 31, after a period of public comment from the American people.