WASHINGTON — Internet-service providers will have to get their customers’ permission to share their personal Website and app usage histories with third parties for marketing purposes.
That was the big takeaway from the Federal Communications Commission’s party-line vote — what isn’t these days? — Oct. 27 to approve new broadband privacy regulations. New rules were required because the Federal Trade Commission regulated broadband privacy up until the FCC’s reclassification of ISPs as common carriers under Title II.
“It’s the consumers’ information,” FCC chairman Tom Wheeler said. “It is not the network that the consumer hires’s information unless the consumer gives permission.”
NOT VERY FTC-LIKE
The FCC billed the proposal as an FTC-like approach that took the sensitivity of the information into account when deciding how it could be shared, similar to the FTC’s “privacy by design” approach.
But the FCC’s inclusion in its “design” of classifying Web browsing and app use under that “sensitive” definition — the FTC does not — and requiring subscribers to opt in made it seem to many ISPs, particularly those represented by NCTA – The Internet & Television Association, that the new proposal was not much different from the usage-based approach that was initially proposed and which ISPs said was overbroad.
Advertisers and agencies were using terms like “unprecedented,” “misguided,” “counterproductive” and “potentially extremely harmful,” while NCTA called it a “cobbled-together approach that abandons principles of fair competition.”
The FTC continues to regulate edge providers, including Google, and does not require them to get opt-in consent for sharing user information about Web activity with third-party marketers.
The broadband privacy order would permit “pay for privacy” arrangements — providing financial incentives for sharing information — but only on an opt-in basis, making clear what is being given up for what is being received. The commission reserves the right to review such offers on a case-by-case basis.
ISPs can’t make sharing information a quid pro quo for service (no take-it-or-leave-it offerings). And the item sets deadlines for reporting data breaches.
HEADED TO COURT?
Commission Republicans, strongly opposed to the order, said it would likely not survive judicial scrutiny. At least one group, ITTA-The Voice of Mid-Size Communications Companies, was already saying “see you in court” to the FCC.
When asked if it would also participate in such a suit, the NCTA said it would have to see the order first before deciding its next steps.
One small bright spot for ISPs: The privacy item did not include a prohibition on mandatory arbitration clauses that prescribe private arbitration, rather than class-action lawsuits, when customers have issues with their service. Commissioner Mignon Clyburn had pushed for that ban, and its absence might only be temporary.
Chairman Wheeler needed Clyburn’s vote on the overall item — she concurred in part as a signal of her displeasure that an arbitration clause prohibition was not included — and promised to launch an inquiry into the potential harms of the clauses (a notice of proposed rulemaking) by February.
The Great Privacy Divide
A divided Federal Communications Commission voted on new privacy rules that create a divide between the regulatory oversight of the FCC and the Federal Trade Commission. Comments following the vote were, not surprisingly, divided.
IN FAVOR: Demand Progress executive director David Segal: “Today, chairman Wheeler and commissioners Clyburn and Rosenworcel should be commended for asserting the FCC’s jurisdiction over how Internet providers protect their users’ privacy. Time and again, we have seen the country’s largest ISPs, including AT&T, Comcast and Verizon, violate the public’s privacy — severely eroding trust and chilling free expression online in service of corporate profits. Today’s vote is a step forward, but much more must be done.”
MIXED: USTelecom president Walter McCormick: “The FCC’s partial revision of its proposal to more closely align with the FTC approach is a welcome change for consumers. Unfortunately, the FCC has chosen to depart from the FTC framework in some areas, for example, by summarily classifying all Web browsing as sensitive information. This is a disservice to the goal of providing consumers with consistency in privacy expectations when they use the Internet and poses a threat to continuing Web innovation.”
OPPOSED: The Association of National Advertisers: “Subjecting virtually all Web browsing and application use data to opt-in consent is completely inconsistent with its long-standing treatment by the FTC, the states, and the Digital Advertising Alliance self-regulatory program. ANA believed it was a positive step when the FCC stated it would distinguish between sensitive and non-sensitive data, but this proved to be merely misleading lip service. The new definition of sensitive data adopted by the commission today would encompass and swallow a vast amount of routine consumer data on the Internet and mobile media.”