Handling Consumer Data Should Reflect Common Decency. The FCC Thinks So, Too.
On Thursday, the FCC approved new rules that regulate how broadband providers handle and disclose the use of customer data collected through use of digital platforms, mobile devices, and the like. As the Washington Post reported, the FCC will "require Internet providers, such as Comcast and Verizon, to obtain their customers' explicit consent before using or sharing that behavioral data with third parties, such as marketing firms."
I have been tracking this story and its many tangents for years. It is important that we get some consumer protection and ground rules as the internet of connected things progresses and weaves into our lives. It is clear the Association of National Advertisers (ANA) will fight this and other obvious personal intrusions with all the verve, single-mindedness and deceitfulness they can muster. When one's moral barometer is solely dictated by greed, you are freed from common decency.
"It's the consumers' information," said FCC Chairman Tom Wheeler. "How it is used should be the consumers' choice. Not the choice of some corporate algorithm."
The rules also force service providers to tell consumers clearly what data they collect and why, as well as to take steps to notify customers of data breaches. Taking my personal information unknowingly is at best a form of burglary and an intrusion into the sanctity of my home. Jimmy Breslin once said, "The number one rule of thieves is that nothing is too small to steal."
So, too, is the incremental theft of my data. Little by little it is the death of personal privacy by a thousand cuts into our families' lives and safety.
As always your opinions are greatly appreciated.
[Editor’s Note: Read the full statement from the FCC below.]
FCC adopts privacy rules to Give broadband Consumers increased choice, Transparency and security for their personal data
Rules empower consumers to decide how data are used and shared by broadband providers
WASHINGTON, October 27, 2016 – The Federal Communications Commission today adopted rules that require broadband Internet Service Providers (ISPs) to protect the privacy of their customers. The rules ensure broadband customers have meaningful choice, greater transparency and strong security protections for their personal information collected by ISPs.
The rules implement the privacy requirements of Section 222 of the Communications Act for broadband ISPs, giving broadband customers the tools they need to make informed decisions about how their information is used and shared by their ISPs. To provide consumers more control over the use of their personal information, the rules establish a framework of customer consent required for ISPs to use and share their customers’ personal information that is calibrated to the sensitivity of the information. This approach is consistent with other privacy frameworks, including the Federal Trade Commission’s and the Administration’s Consumer Privacy Bill of Rights.
The rules separate the use and sharing of information into three categories and include clear guidance for both ISPs and customers about the transparency, choice and security requirements for customers’ personal information:
- Opt-in: ISPs are required to obtain affirmative “opt-in” consent from consumers to use and share sensitive information. The rules specify categories of information that are considered sensitive, which include precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications.
- Opt-out: ISPs would be allowed to use and share non-sensitive information unless a customer “opts-out.” All other individually identifiable customer information – for example, email address or service tier information – would be considered non-sensitive and the use and sharing of that information would be subject to opt-out consent, consistent with consumer expectations.
- Exceptions to consent requirements: Customer consent is inferred for certain purposes specified in the statute, including the provision of broadband service or billing and collection. For the use of this information, no additional customer consent is required beyond the creation of the customer-ISP relationship.
In addition, the rules include:
- Transparency requirements that require ISPs to provide customers with clear, conspicuous and persistent notice about the information they collect, how it may be used and with whom it may be shared, as well as how customers can change their privacy preferences;
- A requirement that broadband providers engage in reasonable data security practices and guidelines on steps ISPs should consider taking, such as implementing relevant industry best practices, providing appropriate oversight of security practices, implementing robust customer authentication tools, and proper disposal of data consistent with FTC best practices and the Consumer Privacy Bill of Rights.
- Common-sense data breach notification requirements to encourage ISPs to protect the confidentiality of customer data, and to give consumers and law enforcement notice of failures to protect such information.
The scope of the rules is limited to broadband service providers and other telecommunications carriers. The rules do not apply to the privacy practices of web sites and other “edge services” over which the Federal Trade Commission has authority. The scope of the rules do not include other services of a broadband provider, such as the operation of a social media website, or issues such as government surveillance, encryption or law enforcement.
Action by the Commission October 27, 2016 by Report and Order (FCC 16-148). Chairman Wheeler, Commissioner Rosenworcel approving. Commissioner Clyburn approving in part and concurring in part. Commissioners Pai and O’Rielly dissenting. Chairman Wheeler, Commissioners Clyburn, Rosenworcel, Pai and O’Rielly issuing separate statements.
WC Docket No. 16-106
This is an unofficial announcement of Commission action. Release of the full text of a Commission order constitutes official action. See MCI v. FCC. 515 F 2d 385 (D.C. Circ 1974).
Bob Sacks (aka BoSacks) is a printing/publishing industry consultant and president of The Precision Media Group (BoSacks.com). He is also the co-founder of the research company Media-Ideas (Media-Ideas.net), and publisher and editor of a daily international e-newsletter, Heard on the Web. Sacks has held posts as director of manufacturing and distribution, senior sales manager (paper), chief of operations, pressman, circulator and almost every other job this industry has to offer.