Broadband Internet access service (BIAS) providers collect, use, and share personal data from their customers. An ISP handles all of its customers’ network traffic, which means it has an unobstructed view of all of their unencrypted online activity – including the websites they visit and the applications they use, among other information. If customers have a mobile device, their provider can track their physical and online activities throughout the day in real time. Up to now, there have been no specific privacy protections for consumers using those services.
That changed in 2015, when the Federal Communications Commission (FCC) made the decision to apply the privacy requirements of the Communications Act to BIAS providers. The FCC now has the authority to determine the privacy protections applied to customer data. The rules for the kinds of data that should be protected and the types of privacy and security protections they should have are being determined now. CDT has advocated for the protection of personally identifiable information (PII), defined as any information that is linked or linkable to an individual, such as consumer location information, domain names of sites you visit, and Social Security Numbers. Combined with information like a timestamp and the phone owner’s name, this information is highly sensitive and BIAS providers are always privy to it. CDT also believes that the FCC should create rules that mandate this information not be shared without consent beyond what’s necessary for a consumer to get service.