Last week during its meeting the Federal Communications Commission (FCC) issued a Notice of Proposed Rulemaking (NPRM) related to consumer privacy related to broadband and other data services. As seems to be the new normal in Washington, the Commission approved the notice along partisan lines, 3-2. Comments will be accepted until May 27 (and replies to submitted comments are due June 27). However, since the ability of the FCC to regulate Internet services, particularly its net neutrality proposal, is subject to a court case, it may be a long time before the rules are implemented (assuming they are).
As FCC Chairman Wheeler described the proposal in a memo released in March, the proposed rules would provide consumers the opportunity to opt out of sharing certain kinds of information with their Internet Service Provider (ISP). This would cover marketing non-Internet/broadband services of that ISP as well as sharing information with affiliates that offer similar services. Information required for the ISP to provide its services and to market the ISP’s Internet/broadband services (like a service providing faster speed) to that customer would not be eligible for opting out. Information sharing for any other purposes would have to be expressly opted in by the customer.
Other parts of the NPRM cover data security requirements and data breach notification requirements for consumers. While these components may not draw as much attention as the information sharing provisions, effective management and use of data requires that all three aspects are covered.
Aside from a general lack of interest in FCC regulations, broadband providers consider the proposed rules unequal treatment because such regulations would not cover information technology companies that do not fall under FCC regulation like Apple or Google. I think these companies (including major services like Facebook that also collect and use consumer data) need to provide consumers with the kinds of protections outlined in the proposed rules, but at present it will have to be done through the Federal Trade Commission. Now it’s possible that something like Google Fiber might place that company under FCC jurisdiction, but I think it more pragmatic to determine how best to extend those protections to those Internet companies that rely on consumer data but don’t own or operate the infrastructure that shares it.