tom wheelerFCC Chairman Tom Wheeler is proposing new broadband consumer privacy rules determining how Internet service providers use and secure customer data, said senior FCC officials on a briefing call with reporters today. Noting that ISPs can tell which websites customers visit and how long they spend there, the officials said the proposal aims to give customers greater control over how that data is used. 

Wheeler’s proposal takes the form of a notice of proposed rule making (NPRM), which all five commissioners are expected to vote on later this month.

Broadband Consumer Privacy
According to an FCC fact sheet, Wheeler’s broadband consumer privacy proposal calls for ISPs to be able to use customer data “for the purposes of marketing other communications-related services” unless the customer opts out. Unless the customer opts out, ISPs also would be allowed to share customer data with their affiliates that provide communications-related services “for the purposes of marketing such services.”

All other uses of customer data, other than uses to which a customer inherently consents when signing up for service — such as using the customer’s address to send the customer a bill — would require customers to opt in.  

ISPs also would gain new data security requirements. According to the fact sheet, they would be required to “adopt risk management practices, institute personnel training practices, adopt strong customer authentication requirements, identify a senior manager responsible for data security and take responsibility for use and protection of customer information when shared with third parties.”

If a customer’s personal data is breached, the ISP would have to notify the FCC within seven days of discovery and notify the customer within 10 days of discovery. Breaches affecting more than 5,000 customers also would have to be reported to the FBI and the U.S. Secret Service within seven days of discovery.

Officials on the press call emphasized that the rules do not apply to websites or search engines such as Twitter, Facebook, Google, Yahoo or others.  When asked why ISPs were singled out, the officials noted that consumers can use a different search engine or social media site if they don’t like the provider’s policies; but once they have signed up for service from an ISP, switching is either not possible or is more complicated.

The FCC officials were unable to detail to what extent ISPs currently comply with the proposed guidelines. But news of the proposal comes just days after Verizon agreed to a settlement with the Commission involving the use of “supercookies” to track mobile customers’ Internet activities and sharing that information with third parties. 

The officials said the FCC is working on the new broadband consumer privacy rules because it is required to do so by communications legislation.

Asked whether ISPs would be allowed to give customers a discount for opting in to share personal information, the senior officials said the NPRM asks stakeholders for additional information on that topic.  Appropriate use by ISPs of aggregate customer data is also up for further discussion, the officials said.