The U.S. Federal Communication Commission (FCC) has passed long-expected new orders that will give consumers the tools to choose how ISPs (Internet Service Providers) can use their personal information while they use their services.
Mandated by Congress itself, the FCC has strong beliefs that it has successfully overseen consumers’ privacy regarding telephone networking for decades; these proposed rules would apply their expertise to the broadband world.
The rules might see as tougher by ISPs, but according to FCC, the rules do not prohibit ISPs from using or sharing customers’ information, they just want customers to handle the ‘driver’s seat’ because whose data is it anyway?
While some privacy advocates seem content with the decision, others wanted FCC to extend the ruling to non-ISPs like Google and Facebook.
In the fact sheet issued, the FCC clearly states ‘Consumers Deserve Increased Choice, Transparency, and Security Online‘ as its aim. FCC says,
ISPs serve as a consumer’s “on-ramp” to the internet. Providers have the ability to see a tremendous amount of their customers’ personal information that passes over that internet connection, including their browsing habits.
Consumers deserve the right to decide how that information is used and shared – and to protect their privacy and their children’s privacy online.
Now it is a clear notice that broadband ISPs are required to inform and ask customers what information they will collect, how and when they share it, and with what ‘type of entities’ they share it with.
Where your information will be sensitive, you will have to opt-in and give your consent before they can use or share it. What “sensitive” includes? Your precise geolocation, Health; Financial; Social Security; Children information, web-browsing history, content of communication, and app usage history.
(Note that, your ISPs can share or use your information only if you give explicit permission, so you should watch out for pleasing and inviting dialogue boxes.)
For ‘all other individually identifiable customer information,’ for example, service tier information that you subscribed to will be deemed non-sensitive and your ISP can use or share it unless you opt-out.
However, there are some exceptions to these consent requirements. Your consent is deemed ‘inferred’ for the use non-sensitive information “to protect the customers and broadband provider from frauds; to help provide broadband service and bill and collect for it, and to provide and market equipment and services typically marketed with your broadband service.”
Moreover, your ISPs is required to issue notifications in case of service breach for no known reasons.
Your ISP can use any ‘de-identified’ information that has been disassociated from your identity, ‘only‘ if they take heavy precautions against re-identifying it. However, your ISPs can no longer refuse your business if you do not agree to opt-in on the use of private data. And, if ISPs offer any discounts for your private information (pay-for-privacy), in that case, they will have to provide ‘heightened disclosure’ for such plans.
For the implementations of new rules, large ISPs will take 1 year; and smaller ISPs will take 2 years, considering the fact that it the rule does not get challenged in court. The rule passed by democrats on the majority of 3-votes to be in YES and 2-votes to be in NO favor. This might also get changed subject to presidential administration… but these changes remain to be seen.
Image courtesy: FCC