Skip to Content

Privacy & Data

Strong FCC Broadband Privacy Rules a Win for Consumers

Today, the Federal Communications Commission (FCC) voted to extend crucial privacy protections to broadband users. The new rule empowers consumers to control how broadband providers use and share their information. The Center for Democracy & Technology (CDT) worked with the FCC, civil society, and other stakeholders throughout the process to ensure that the final rule offered meaningful privacy protections.

“This rule represents a significant step forward in protecting internet users, who have no choice but to expose massive amounts of information to broadband providers. It reflects the reality that where we go online is private and the people we pay to carry our communications should treat them as private,” said Chris Calabrese, CDT’s Vice President of Policy.

The rule requires broadband providers to get opt-in consent before using or sharing customers’ “sensitive” information for purposes other than providing broadband service. This information includes the content of communications, location information, and web browsing and app usage history. In order to use “non-sensitive” information, providers must obtain opt-out consent. Although CDT does not support distinguishing between “sensitive” and “non-sensitive” information in the broadband context, we are pleased that the FCC’s definition of “sensitive” information is broad.

The rule does allow broadband providers to use de-identified data without users’ consent, but imposes strong de-identification requirements and standards, placing the burden on providers to ensure that information is not re-identified. “The FCC’s promise to enforce strong de-identification requirements is essential to protecting customers’ anonymity,” Calabrese said. “Absent effective, proven de-identification methods, third parties have both the incentive and the ability to re-identify information.”

The rule does make changes that allow ISPs to use consumer information to market their own products without any avenue for opt-out for the consumer. “While we would prefer consumers be able to opt out of sharing this information, the narrow product types covered by the exception – only including offerings of cable, wireless, internet, and phone services – make the overall rule a major net gain for the privacy of broadband customers,” said Calabrese.

The rule does not explicitly mention IP and MAC addresses, but CDT urges the FCC to interpret the rule going forward to include such information within the definitions of web browsing and app usage history.

The broadband privacy rule sets an important standard for protecting internet users. CDT will work to support and expand the protections in the rule, as well as baseline privacy laws that will uniformly protect consumers throughout the digital ecosystem.

Related Reading

Samir Jain Testimony for House Committee. White document on black background.

CDT VP of Policy Samir Jain Testimony Before U.S. House Energy & Commerce Committee on “Legislative Solutions to Protect Kids Online and Ensure Americans’ Data Privacy Rights”
The CDT logo. A light and dark grey "cdt" alongside "Center for Democracy & Technology" on a white background.

Deprecating third-party cookies: a small step towards a more private web
CDT brief, entitled "Unintended Consequences: Consumer Privacy Legislation and Schools." White and blue document on a grey background

Brief – Unintended Consequences: Consumer Privacy Legislation and Schools