The FCC has unveiled a proposal that would restrict Internet providers' ability to share the information they collect about what their customers do online with advertisers and other third parties.
If adopted, these would be the first privacy rules for Internet service providers, resulting largely from last year's net neutrality regulations that expanded the Federal Communications Commission's oversight authority over the industry. (Those rules are currently pending in court.)
Thursday's unveiling of the proposal from Chairman Tom Wheeler is just a first step: The FCC is expected to vote to formally propose this plan on March 31, soliciting public comments on a variety of questions about how the rules should work before the final version gets drafted.
The key elements of Wheeler's proposal include a requirement that broadband providers such as Comcast, Verizon or T-Mobile clearly disclose what data they collect on you — for instance, it could be browsing history, use of apps or location — and how they shared that collected data with other companies for marketing or other purposes.
In some instances, subscribers would be asked to opt in or they'd be given a choice to opt out, depending on how the information is used. (Re/code has a helpful breakdown of the details.) The proposal also has provisions for better security of the information traveling through ISPs' networks.
Wheeler wrote in a Huffington Post op-ed that ISPs should be held to the same privacy standard as telephone companies:
"Your ISP handles all of your network traffic. That means it has a broad view of all of your unencrypted online activity — when you are online, the websites you visit, and the apps you use. If you have a mobile device, your provider can track your physical location throughout the day in real time. Even when data is encrypted, your broadband provider can piece together significant amounts of information about you — including private information such as a chronic medical condition or financial problems — based on your online activity.
"The information collected by the phone company about your telephone usage has long been protected information. Regulations of the (FCC) limit your phone company's ability to repurpose and resell what it learns about your phone activity.
"The same should be true for information collected by your ISP."
Telecom companies are resisting the FCC's push to regulate their privacy practices, arguing that this puts them on unequal footing compared with websites and web services such as Google that also collect a lot of information about people's digital tracks. As The New York Times points out, those companies are overseen by another agency:
"The regulations, if approved, would put broadband providers under stronger privacy oversight than Internet companies like Google and Facebook. Those companies are monitored by the Federal Trade Commission, whose ability to create specific privacy rules is limited.
"Many privacy advocates have pushed for a greater role by other agencies because the F.T.C. cannot create rules for online privacy and can only monitor data collection practices as an enforcement agency."
AT&T's Bob Quinn, senior vice president of federal regulatory affairs, said in a blog post this week that Internet providers "do not currently live in a 'regulatory-free zone' when it comes to privacy," but one guided by the FTC's regime, which prohibits deceptive and unfair trade practices:
"Given the realities of this complex market, there is no basis for treating ISP data as somehow 'proprietary' or subjecting ISPs to unique privacy requirements. Consumers expect and deserve consistent privacy protections for their online data, regardless of which company is collecting it and the technology used to collect it.
"The FCC appears to want to place its thumb on the scale in favor of Internet companies and against the companies that invest in broadband infrastructure in this country."