On Thursday, March 10th, Federal Communications Commission chairman Tom Wheeler unveiled a proposed consumer data privacy rules for Internet service providers (ISPs), which would charge those telecom companies to provide more transparency on data privacy techniques to consumers. The proposal released by the FCC indicates that the agency is trying to apply the privacy requirements of the Communications Act to broadband Internet services to give consumers the choice over how broadband providers can use the data that consumer use of the service generates.
The rules developed by the FCC will charge ISPs with the responsibility of ensuring that consumer data is secure from unauthorized use or access. Broadband Internet providers would have to adopt risk management practices, strong customer authentication practices and take responsibility for the use of customer information which is shared with third parties. ISPs are not prohibited from using customer data for marketing purposes or sharing it with third parties, but customers will need to be notified and would have the opportunity to opt in or out of those services.
The proposed rules would also charge ISPs with informing consumers when their data is compromised by unauthorized parties. The rules would require ISPs to inform the FCC of detected data breaches affecting customer data within seven days of the detection and all consumers within 10 days of the detected malicious activity. Breaches affecting more than 5,000 customers must also be reported to the Federal Bureau of Investigation and the U.S. Secret Service within seven days of detecting the activity.
This news hasn’t been well-received by the telecom sector. Reports of official remarks from the National Cable and Telecommunications Association indicates that organization was disappointed that these rules would burden ISPs and not other online entities. The FCC’s rule proposal announcement notes that it doesn’t have regulatory authority over social media entities like Twitter or Facebook; those companies are under the authority of the Federal Trade Commission.
Wheeler has been dealing with some political turmoil coming from Capitol Hill over the past few weeks. An early March hearing in front of the Senate Committee on Commerce, Science & Transportations grew heated during exchanges between Wheeler and FCC commissioner Ajit Pai over how the FCC’s adoption of net neutrality rules have affected the Internet sector. Issues with the FCC’s net neutrality rules may also be behind a hold in the Senate’s renomination of FCC commissioner Jessica Rosenworcel; a post published on The Hill indicates that those holds could be rescinded if Wheeler publicly commits to leaving his post at the FCC in January, when the next White House administration will begin.
It may be worth noting to readers that this rule proposal comes a month after the U.S. and the European Union unveiled the new EU-US Privacy Shield, a new consumer data privacy regime which replaced safe harbor rules struck down last year by the EU. The proposed rules will be voted on at the next meeting of the FCC’s full commission on March 31st, followed by a period of public comment.