Today, the Federal Communications Commission (FCC) circulated a fact sheet describing a modified Notice of Proposed Rulemaking (NPRM) that would extend robust privacy protections to broadband internet customers. This proposal promises to give consumers meaningful control over how their information is used and shared by broadband providers. The Center for Democracy & Technology (CDT) has long expressed support for strong customer controls over personal information.
“Our web browsing and app usage history represents some of our most personal data, making strong privacy protections for it essential. Today’s proposal from the FCC represents real progress in empowering consumers to take control of their data,” said Chris Calabrese, CDT’s Vice President of Policy. “There are still important details to sort that could potentially weaken the proposed rules. The definition of ‘sensitive’ data must remain as broad as possible and genuine controls need to be in place to avoid any re-identification of user data.”
According to a fact sheet, broadband providers will have to get customers’ opt-in consent to use their web browsing and app usage information, including the URLs they visit, the apps they use, and the content they send and receive, for purposes other than providing subscription services. The fact sheet also allows providers to use de-identified information if they abide by certain procedures and commit to not re-identifying the information or allowing others to do so.
“These rules will extend crucial protections to broadband customers, who have no choice but to disclose many of their digital activities and communications to broadband providers. The type of controls proposed would give broadband customers real choice regarding how their information is used and shared,” Calabrese added.
CDT still does not support drawing a distinction between “sensitive” and “non-sensitive” information in the broadband context, but were pleased that that the proposal defines sensitive information broadly to include all content, browsing information, and app usage data. The details on how information will be de-identified and what controls providers can meaningfully impose to avoid future re-identification must also be addressed.
CDT will continue to advocate for the timely adoption of a final rule that provides the strongest protections for consumers.