Internet Consumer Privacy, the Most Recent FCC Order

FCC Internet Consumer PrivacyThis past spring we discussed net neutrality and dissected the FCC notice of proposed rule-making regarding net neutrality and consumer privacy. On October 27th the FCC voted to approve an order enacting significant rules to protect Internet consumer privacy.

A fact sheet provided by the FCC states,

“…..give consumers the tools they need to choose how their Internet service providers (ISPs) use and share their personal data.”

Why This Order:

The FCC, ordered by Congress, administers rules regarding consumer privacy and the telephone network.  With increased dependence on the Internet, ISPs have access to subscriber Internet usage data, on-line buying habits, and subscribers’ personal information. The Commission enacted the Open Internet order that redefined Broadband Internet as a telephone service, thus opening the door to address Internet related consumer privacy. The order ensures that subscribers have control over an ISP’s use, sale, or sharing of the information it collects.

Significant Elements of the Internet Consumer Privacy Order:

Clear Notice.  An ISP Must:

  • Notify customers as to what information the ISP collects about its customers.
  • Specify how, and for what purposes, the ISP uses and shares this information.
  • Identify the types of entities with which the ISP shares this information.
  • ISPs must provide this information when a customer signs up for service, and also must update customers when the ISP’s privacy policy changes in significant ways.
  • The information must be persistently available on the ISP’s website or mobile app.

OTELCO has not, and does not track a customer’s internet use, nor does it sell that information. OTELCO has always taken its responsibility to safeguard customer privacy very seriously.

 

Increased Consumer Choice

Opt-In:

Only with consumer consent can an ISP share the following “sensitive” information

  • Precise geo-location (typically the real-world location of a mobile phone or other device)
  • Children’s information
  • Health information
  • Financial information
  • Social Security numbers
  • Web browsing history
  • App usage history
  • The content of communication

Opt-out:

In most cases, use and sharing of non-sensitive data, such as service level information, would be permitted — UNLESS the consumer says otherwise.

Customer consent is inferred for certain purposes, including:

  • Use and sharing of non-sensitive information necessary to provide and market services and equipment that might accompany broadband service.
  • To provide the broadband service, and bill and collect for the service.
  • To protect the broadband provider and its customers from fraudulent use of the provider’s network.
Interner Consumer Privacy redacted-phone-bill

All identifying sensitive information is redacted to protect consumer privacy.

Exceptions to the Consent Requirements:

De-identified Information is excluded from a subscriber’s consent, however, should an ISP chose to share such information it must:

  • Alter the customer information so that it can’t be reasonably linked to a specific individual or device.
  • Publicly commit to maintain and use information in an unidentifiable format and to not attempt to re-identify the data.
  • Contractually prohibit the re-identification of shared information.

The Order prohibits “take-it-or-leave-it” offers, meaning that an ISP can’t refuse to serve customers who don’t consent to the use and sharing of their information for commercial purposes.

Not surprisingly, this is our government after all, there is much more information in this Internet Consumer Privacy Order, not the least of which is what this order DOESN’T cover.  More next week.