Recently, Federal Communications Commission (FCC or Commission) Chairman Tom Wheeler circulated to the Commission a revised proposed order to regulate the data privacy and security practices of internet service providers (ISPs) (also known by the Commission as broadband internet access service (BIAS) providers). We previously wrote about the Commission’s initial proposal in this regard (available here), which was criticized by the industry and even the Federal Trade Commission (FTC) as inconsistent with data privacy standards applicable to the rest of the internet (e.g., social media platforms, search engines, etc.). Based on a fact sheet issued by Chairman Wheeler’s office (available here), the revised proposal, which is set to be voted on by the full Commission on Oct. 27, 2016, strives to be more consistent with the FTC approach to privacy and data security, but with special considerations for the telecom industry. The fact sheet previews the revised approach, including requirements for:
- Opt-in consent for any use or sharing of sensitive information, which the proposal defines as including geo-location, children’s information, health information, financial information, Social Security numbers, Web browsing history, app usage history and content of communications – a more expansive definition of sensitive data than under the historical FTC approach, at least so far as usage data is concerned (which will affect the ability to engage in interest-based advertising).
- An opt out for use and sharing of nonsensitive information.
- Strong protections for use and sharing of de-identified information.
- Prohibition of “take-it-or-leave-it” offers requiring consent to data sharing and use that are not necessary to provide the service, as a condition of obtaining the service.
- Heightened notice requirements for discounts and other incentives in exchange for consumers’ express affirmative consent to the use and sharing of their personal information to the extent not necessary to operate the service, and restrictions on pricing services for those who do not consent, because “[c]onsumers should not be forced to choose between inflated prices and maintaining their privacy.”