The Federal Communication Commission (FCC) has adopted new rules that will require Internet Service Providers (ISPs) to obtain customers' permission before they sell their data for marketing purposes. On 27 October, the Commission's Democratic majority secured the passage of the rules with a 3-2 vote, with Republicans opposing adoption. Chairman Tom Wheeler feels the rules will help users decide how others use their information. As quoted by Ars Technica:
"It is the consumer's information, it is not the information of the network the consumer hires to deliver that information. What this item does is to say that the consumer has the right to make a decision about how her or his information is used."
According to a fact sheet (PDF) issued by the FCC, consumers will have a choice as to what types of data ISPs can collect about them under the new rules. For instance, ISPs will need to obtain users' "opt-in consent" for certain pieces of sensitive information like precise geo-location data, Social Security Numbers, app usage and web browsing histories, and communication content. Users will also have the ability to opt-out of agreements under which third-parties can share non-sensitive information like their e-mail addresses. Otherwise, ISPs can continue to share that information with marketing agencies.
In the meantime, the FCC will hold ISPs to a higher standard when it comes to safeguarding users' information. Each and every provider will need to consistently and clearly articulate to its consumers in what manner it will collect their information. To make sure no one abuses that information, ISPs will need to implement best security practices and notify customers in a timely manner in the event of a data breach. The rules have received a mixed reception thus far. ISPs mainly lobbied against the rules while they were still in proposal, with Emmett O’Keefe of the Direct Marketing Association stating the new requirements "would unnecessarily disrupt the advertising ecosystem that fuels the explosive growth of the online economy." On the other hand, privacy groups like the Center for Democracy and Democracy have celebrated the rules' adoption as "a significant step forward in protecting internet users, who have no choice but to expose massive amounts of information to broadband providers." News of these new requirements follows more than a year after the FCC investigated three call centers in Latin America that exposed the personal information of nearly 280,000 U.S. customers.
