In October 2016, the Federal Communications Commission (FCC) adopted rules giving internet users control over how broadband providers use and share their personal information. Groups representing telecommunications companies have petitioned the FCC to weaken or rescind the rules and have asked Congress to roll them back.
Rolling back the broadband privacy rules would put consumers at the mercy of the companies they rely on for internet service, without any clear privacy protections for the sensitive personal information those companies have access to. This FAQ is meant to inform internet users, policy makers, and the media about the basics of the FCC’s broadband privacy rule, why it’s under attack, and why it must be preserved.
Why broadband privacy?
As the primary conduit to internet access, broadband internet providers occupy a special role in consumers’ lives. By virtue of this special relationship, broadband providers have access to a lot of personal information, including where we go online. This information can reveal sensitive details about our personal lives, including shopping habits, medical conditions, sexual orientation, and financial status. Most people have very little choice among broadband providers, making it difficult to shop around for the most privacy-protective company. This relationship between broadband providers and subscribers demands a high degree of trust that providers won’t misuse their customers’ sensitive information. The FCC’s rule ensures that this trust will not be exploited.
What does the broadband privacy rule do?
The rule requires providers to give clear notice of and get consent for most uses and sharing of subscribers’ information for purposes other than providing broadband service. Providers must get opt-in consent to use or share sensitive information, which includes the content of communications, location information, and web browsing and app usage history. For a full explanation of the rule, read our detailed fact sheet.
Why is the broadband privacy rule under attack?
Opponents of the rule have argued that the FCC lacks authority to protect broadband customers’ privacy, that broadband providers should be free to use and share their customers’ data—particularly browsing history–and that broadband providers should be subject to the same regime as other internet companies, such as Google and Facebook.
How are broadband providers different from other internet companies?
Telecommunications companies act as the “on ramp” to the internet. Unlike with other companies, internet users cannot avoid subscribing and disclosing comprehensive browsing history to broadband providers, and there is very little meaningful competition in the broadband market. This unique relationship demands a high degree of trust, and that trust must be preserved with clear rules requiring ISPs give notice and get consent for most uses of customer data.
Why the FCC?
While CDT has advocated for comprehensive privacy legislation that protects information throughout the internet ecosystem, no such legislation exists. In its absence, the FCC is the sole guardian of internet users’ control over their personal information with respect to broadband providers. In its 2015 Open Internet Order, the FCC reclassified broadband providers as common carriers under Title II of the Communications Act of 1934. Title II requires common carriers to protect the confidentiality of customer information. The broadband privacy rule fulfills this mandate.
Why not the FTC?
Some opponents of the broadband privacy rule argue that the Federal Trade Commission (FTC) is better positioned to protect broadband consumers’ privacy. However, Title II common carriers are exempt from the FTC’s authority to regulate unfair and deceptive trade practices under Section 5 of the Federal Trade Commission Act. Moreover, the recent Ninth Circuit decision in AT&T Mobility v. FTC held that the FTC lacks Section 5 jurisdiction over the activities of a provider with common carrier status. This means that if the broadband privacy rule is rescinded or removed by Congressional mandate it will leave the gates wide open for broadband providers to use and share as much personal information about subscribers’ as they wish, with little to no oversight or protections for privacy.
Why are browsing and app usage history considered sensitive by the FCC’s rule?
The websites you visit and the apps you use can reveal a great deal of personal information, such as health conditions, sexual preferences, political associations, and religious practices. This information is highly valuable to advertisers and other third parties, but most people would not expect their ISPs to use or share it—at least not without consent. Broadband customers cannot avoid sharing this information with their providers, and even encrypted traffic—which accounts for a small fraction of all internet traffic—may still reveal some sensitive information.