A coalition of 59 organizations on Wednesday sent a letter to U.S.Federal Communications Commission Chairman Tom Wheeler calling on him to get cracking on privacy protection rules for consumers.
The coalition wants Wheeler to “move forward as quickly as possible on a Notice of Proposed Rulemaking proposing strong rules to protect consumers from having their personal data collected and shared by their broadband provider without affirmative consent, or for purposes other than providing broadband Internet access service.”
It also wants the proposed rules to provide for data breach notifications, hold broadband providers accountable for any failure to take appropriate precautions to protect personal information collected from users, require broadband providers to clearly disclose their data collection practices to customers, and let subscribers ascertain whom their data’s disclosed to.
“Chairman Wheeler is eager to hear from all stakeholders on the right path forward for ensuring consumer privacy on broadband networks,” FCC spokesperson Kim Hart told the E-Commerce Times.
Why the Big Push
Wheeler repeatedly has put off working on proposals for consumer rights for customers of broadband service providers, despite having repeatedly pledged to do so publicly after committing in the FCC’s Open Internet Order, released March 2015, to address privacy issues.
He announced in June that the FCC would issue a notice of proposed rulemaking in the autumn.
Then in November, he told Charlie Rose the commission would tackle the issue of online privacy in the next several months.
Broadband providers’ data collection practices “are murky at best,” remarked John Simpson, director of the privacy project at Consumer Watchdog.
“We believe a subscriber’s information should only be shared with others with the subscriber’s consent,” he told the E-Commerce Times. “It should only be used by the ISP to provide service. If the ISP wants to use it for some other purpose, perhaps marketing to the subscriber, the subscriber should give consent for that additional purpose.”
Protecting Personal Data
Currently, broadband providers are regulated under Section 5 of the Federal Trade Commission Act, Alexandria Bradshaw, a spokesperson for the Center for Democracy and Technology, pointed out.
That lets the FTC address unfair or deceptive practices resulting in consumer privacy violations, but it “doesn’t give the agency authority to establish prospective privacy rules,” she told the E-Commerce Times. It helps address bad actors after the fact but “doesn’t put privacy standards in place to avoid those bad acts.”
Applying Section 222 of the U.S. Code to broadband “will help put these standards in place,” Bradshaw added, and “give broadband customers control, albeit limited control, over how certain data is shared.”
Section 222 refers to the privacy of telecom carriers’ customer information.
The FCC’s assertion of its authority to establish rules for broadband providers follows on the adoption of net neutrality, which providers have been fighting against.
Two industry groups filed lawsuits against the FCC shortly after net neutrality rules were passed last year.
The FCC is “thinking in terms of maximizing access and setting standards for access — net neutrality, nondiscrimination and so forth,” remarked Mike Jude, a research manager at Frost & Sullivan.
“I don’t think it thought about the privacy issue, which is a very sticky one,” he told the E-Commerce Times. Privacy’s “easily managed” in the telephone company world, which uses point-to-point communications, but “the Internet is a broadcast service. How do you enforce privacy there? Add a disclosure notice to everything?”
The assertion of privacy, Jude added, “will give the FCC broad regulatory authority to get its nose into everything.”