Today, Federal Communication Commission (FCC) Chairman Tom Wheeler began a process to set rules governing how Internet Service Providers (ISPs) are able to use the massive amounts of data they collect on their customers. The Chairman issued a “Notice of Proposed Rulemaking” (NPRM). If approved by at least three out of five commissions on March 31st, the proposed rule will be available for public review and comment.
Chairman Wheeler’s proposal represents a good step toward creating rules that protect the privacy rights of consumers in the digital age. The proposal starts a crucial public dialogue about internet users’ control of their data and the methods by which ISPs process, sell, and use that data. It’s an acknowledgement that regulatory intervention is needed to right the balance.
While we support the Federal Communication Commission’s proactive approach to user privacy and data security, Access Now has identified a few areas in need of improvement.
First, the emphasis of these rules is permissive. It allows Internet Service Providers to use customer data in any way, only requiring opt in for some uses. The rule, as proposed, would allow private data to be shared or sold to marketing companies that create detailed profiles of customers. And yet, the rules provide few positive rights for consumers. There is no new right to access, modify, or delete this personal information, or to take that data to another provider if a customer wishes to switch ISPs.
It is also good that the Chairman’s proposal clearly addresses data breach on a national level. The Chairman’s leadership on this issue should be applauded. However, we are concerned that the proposal does not define what type of leak, exposure, or misuse constitutes a breach; how it defines the scope of personal or customer data covered; or what penalties it could levy for violations, whether they result from negligence or worse.
The Chairman must see this proposal simply as the beginning of a process of creating privacy protections that broadband users really need, rather than the final outcome itself.
Despite this room for improvement, we believe this preliminary proposal should be adopted on March 31st. We look forward to answering the Commission’s call for public comment, where the above issues and more can be fixed. The FCC has gained momentum in protecting and enforcing our rights to privacy and freedom of expression online in recent years, and we expect continued international leadership in its broadband internet access privacy regulation.