FCC Privacy Rules Released

min read

(April 13, 2016) On March 31, the Federal Communications Commission (FCC) voted along party lines, 3-2, to officially issue a Notice of Proposed Rulemaking (NPRM) for establishing regulations on how Internet service providers (ISPs) collect user data while maintaining user privacy. The goal of the NPRM is to produce rules that restrict ISPs’ ability to share customer data and personal information with third parties. As Chairman Tom Wheeler stated, “It’s the consumers’ information, and the consumers should have the right to determine how it’s used.”

Under the proposal, new regulations would allow customers to opt out of programs under which their ISP tries to leverage their personal usage data to sell them additional services. A proposed new rule would also require ISPs to get explicit permission from their users to share such data with third parties.

Additionally, in the name of transparency, the proposed regulations would require ISPs to provide consumers with clear and consistent notice regarding the kinds of information about them the ISP collects, uses, and shares with third parties, as well as how consumers can change their privacy preferences in relation to that data. The new rules would also mandate that ISPs implement data security requirements, including risk management practices, strong customer authentication procedures, and personnel training practices, as well as data breach notification requirements. Broadband providers would also be held responsible for the use and protection of the customer data they share with third parties.

The comment period for the NPRM is now open, and interested parties can submit comments until June 27 by visiting http://apps.fcc.gov/ecfs/proceeding_search/input and entering the docket number, 16-106, in the “Proceeding Number” field.

Jen Ortega serves as a consultant to EDUCAUSE on federal policy and government relations. She has worked with EDUCAUSE since 2013 and assists with monitoring legislative and regulatory proposals across a range of policy areas, including cybersecurity, data privacy, e-learning, and accessibility.