FCC Proposes Rules on Data Privacy and ISPs' Role in Collecting Customer Data

The FCC has circulated a Notice of Proposed Rulemaking (NPRM) on privacy rules for Internet Service Providers (ISPs). If approved, it would affect the use of consumer data by ISPs and telecommunication companies.

The FCC will vote on the matter, initiated by Chairman Wheeler, at their March 31 meeting. The vote is expected to be highly controversial since, along with other various stakeholders, Republican Commissioners Pai and O’Reilly have both expressed concerns that the FCC is not ideal for oversight of privacy. If adopted, the measure would then enter a public comment period.

The NPRM comes under the authority of the FCC’s Open Internet Order from February 2015. The FCC’s proposal would allow customers to opt out of having ISPs or telecommunication companies use their data for marketing purposes and from sharing data with their affiliated companies. Furthermore, it would require customers to opt in with express, affirmative consent to share data for all other uses.

ISPs and telecommunications companies, such as AT&T, have spoken in opposition to the proposal, asserting that the FCC is mistaken in its analysis of how broadband providers collect and utilize data from their own customers. The data that telecommunications companies have access to can also be accessed by Web browsers, search engines and operating systems deployed and owned by Internet companies or the edge providers. The telecommunications companies argue that there is no compelling reason why they should have a different set of rules for consumer privacy than other companies in the Internet ecosystem which fall under the Federal Trade Commission (FTC) regulatory regime. Indeed, ratings agency Moody’s Investor Services recently stated that telecommunications companies would be “severely handicapped [in their] ability to compete” and characterized the proposal as “credit negative.”

Broadband providers are concerned about the FCC’s new and expanding role in privacy rules because that has been the regulatory turf of the FTC for years. The FTC has touted its framework for privacy as stronger than the measures taken by their regulatory counterparts in the European Union, which are generally regarded in the media to be a model for the U.S. The FCC simply does not have the level of experience that the FTC has when it comes to consumer privacy issues. The ideal situation would have these two federal agencies working together more closely on the issues related to consumer privacy. 

It is interesting to note that a recent study from Georgia Tech concludes that ISPs have no better access to consumers’ data than do Google, Facebook or other similar services — in fact, with the increasing use of encryption technology and use of VPNs, ISPs increasingly have less access to data.

We will continue to monitor the developments surrounding this NPRM and look forward to the FCC’s debate over the issue at their next open meeting at the end of March.