New FCC rules could require ISPs to get user permission about data sharing

11 Mar 2016

FCC chairman Tom Wheeler has called for new rules for broadband service providers to get user opt-in before sharing data for advertising purposes

The US Federal Communications Commission (FCC) is proposing new rules that will require internet service providers (ISPs) to get permission from users before they can share data about customers’ online activities with advertisers.

FCC chairman Tom Wheeler has called for broadband service providers to disclose how data is collected about users’ online browsing activities.

He also wants to see companies bolster the security of customer data.

This will significantly curb the ability of companies like Comcast and Verizon, for example, to share advertising data.

In effect, the FCC is establishing privacy rules for companies that manage web traffic and this is the next major step change in US telecoms policy after net neutrality.

‘This isn’t about prohibition; it’s about permission’
– TOM WHEELER, FCC CHAIRMAN

“We all know that the social media we join and the websites we visit collect our personal information, and use it for advertising purposes. Seldom, however, do we stop to realise that our ISP is also collecting information about us,” Wheeler said in an op-ed in the Huffington Post.

“What’s more, we can choose not to visit a website or sign up for a social network, or choose to drop one and switch to another. Broadband service is different. Once you subscribe to an internet service provider – for your home or for your smartphone – you have little flexibility to change your mind or avoid that network.”

Wheeler pointed out that because the ISP handles all network traffic it has a broad view of a user’s unencrypted online activity.

ISPs have access to an unencrypted feed all about your private life

“If you have a mobile device, your provider can track your physical location throughout the day in real time. Even when data is encrypted, your broadband provider can piece together significant amounts of information about you – including private information such as a chronic medical condition or financial problems – based on your online activity.”

Wheeler said that strict regulations exist around what phone companies can do with such information and that similar rules are required for the information collected by ISPs.

“I’m proposing to my colleagues that we empower consumers to ensure they have control over how their information is used by their ISP. Every broadband consumer should have the right to know what information is being collected and how it is used. Every broadband consumer should have the right to choose how their information bits should be used and shared. And every consumer should be confident that their information is being securely protected.

“This is not to say network providers shouldn’t be able to use information they collect – only that since it is your information, you should decide whether they can do so. This isn’t about prohibition; it’s about permission.”

Wheeler proposes users can opt in or opt out of the various uses ISPs could have with the rich trove of data they can glean from web traffic about users.

“One of the most important things to remember about this proposal is that it is narrowly focused on the personal information collected by network providers. The privacy practices of the websites that you choose to visit are not covered by this proposal,” Wheeler said.

FCC image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com