Republicans and Democrats in Congress and the members of the Federal Communications Commission are wasting no time taking sides for or against newly proposed net neutrality regulations governing how Internet providers handle user data.
The agency dropped a draft of the highly anticipated and often-delayed rules Thursday, outlining rules for customer data collection and use for broadband providers like Verizon, AT&T, Comcast, Cox, Time Warner Cable and others recently brought under the agency’s privacy jurisdiction via the 2015 Open Internet Order.
Under the new regulations, broadband providers will be given automatic customer consent to collect and use data required for the delivery of Internet service, including advertising new products and services.
“For example, your data can be used to bill you for telecommunications services and ensure your email arrives at its destination, and a broadband provider may use the fact that a consumer is streaming a lot of data to suggest the customer may want to upgrade to another speed tier of service,” the agency explained in a fact sheet.
Providers will also be allowed to share customer data with affiliates for similar advertising, but must give customers the ability to opt-out of such sharing.
That means Verizon could use data from a Fios customer to market wireless services to the same customer, unless they explicitly tell the company not to.
Outside of affiliates, customers will have to explicitly “opt-in” for a provider to use their information for anything else, including sharing with outside third parties.
Providers would also face stiffer standards for protecting customer data, including setting up new risk management and personnel training, appoint a senior manager for data security, installing strong customer authentication requirements and accepting responsibility for all data shared with third parties.
In the event of a data breach, providers would have 10 days to notify customers, seven days to notify the commission as well as the FBI and U.S. Secret Service in the event of breaches affecting 5,000 or more customers.
“The chairman’s proposal does not prohibit ISPs from using or sharing customer data, for any purpose,” the agency said in the sheet. “It simply proposes that consumers have choices – either to opt out in some instances or to require that the ISP first obtain customers’ permission before using and sharing the customer’s data in others.”
The rules expressly state the data privacy practices of edge providers like Google, Facebook, Twitter, Amazon, Netflix and others will continue to fall under the oversight of the Federal Trade Commission.
Privacy groups and Democrats celebrated the move and urged the agency to vote in favor of the proposal.
“We applaud the chairman for taking a decisive step to protect consumers,” Meredith Rose, staff attorney at the pro-net neutrality interest group Public Knowledge said in a statement. “That he has done so despite overwhelming industry opposition shows a deep commitment to the commission’s role as a consumer protection agency.”
Massachusetts Democratic Sen. Ed Markey, a member of the Senate Commerce, Science and Transportation Committee charged with overseeing the FCC and a leading privacy advocate in the upper chamber, urged swift consideration of the rules.
“I applaud Chairman Wheeler for releasing a proposal to ensure broadband customers have their privacy protected,” Markey said. “Internet service providers have a duty to protect the privacy of consumers who use the company’s wired and wireless infrastructure to connect to the world.”
“I urge the commission to take up the proposal at its March meeting and move quickly to put these rules on the books.”
Opponents who’ve lobbied for months for the FCC to follow the FTC’s lead in regulating data privacy on a case-by-case basis instead of establishing set standards and rules hit back against the proposal, scheduled for an agency vote on March 31.
“The pretense of protecting consumers’ privacy is employed by the FCC to limit competition in the online advertising market in service of Internet behemoths wanting to protect their turf,” AEI’s Roslyn Layton wrote Friday.
Layton said the FCC’s move to pick winners and losers in the Web economy by targeting certain entities because of their increased access to user data “on the surface, seem like do-goodism, but in reality are corporate cronyism.”
“When the FCC (a presumed expert, independent agency) is captured by Internet companies, consumers and fledgling advertisers are prevented from enjoying the competition that broadband providers can bring to the online advertising marketplace,” Layton said.
Republican FCC Commissioner Michael O’Rielly targeted the agency’s territorial expansion in his own statement, suggesting the FCC “lacks expertise, personnel, or understanding” to regulate privacy, and described the approach as “reckless.”
“The ‘fact’ sheet demonstrates that the FCC is doubling down on its misguided and broken net neutrality decision by imposing troubling and conflicting ‘privacy’ rules on Internet companies, as well as freelancing on topics like data security and data breach that are not even mentioned in the statute.”
USTelecom, the broadband trade group leading the pending court challenge against the FCC’s net neutrality order, took a more nuanced approach, encouraging the FCC to lean toward the FTC’s “flexible” approach while it considers the rules.
“Consumers should be able to count on privacy rules that are evenly applied across the Internet economy,” USTelecom President Walter McCormick said. “We urge the commission to implement the general principles we have outlined in a flexible way based on the Federal Trade Commission’s longstanding and effective approach to privacy that has applied across the Internet, including to broadband providers, for years. Fragmenting current privacy protections for using the Internet won’t serve anyone well.”