FCC: ISPs Must Obtain Consent to Collect Consumer Sensitive Information
(October 27, 2016) Internet Service Providers (ISPs) must now obtain affirmative consent if they want to use and share sensitive personally identifiable information of consumers under new rules adopted by the Federal Communications Commission (FCC).
The FCC said the approved new rules “ensure broadband customers have meaningful choice, greater transparency and strong security protections for their personal information collected by ISPs.” The rules apply only to broadband carriers that fall under FCC jurisdiction and not to privacy policies of websites or other services such as Google, Twitter, and Facebook, which fall under the Federal Trade Commission’s (FTC) jurisdiction or the White House’s Consumer Privacy Bill of Rights.
According to the FCC, the rules are designed so that consumers can “make informed decisions about how their information is used and shared by their ISPs.” The new rules establish three levels for consent:
- Sensitive information. ISPs must obtain affirmative “opt-in” consent from consumers to use and share sensitive information, which include precise geolocation, financial information, health information, children’s information, social security numbers, web browsing history, app usage history, and the content of communications.
- Non-sensitive information. Consumers may “opt-out” of allowing ISPs to share non-sensitive information such as email addresses or service tier information.
- Inferred consent. Consumer consent is “inferred” for the provisioning of broadband service, billing, and collection. This consent is given when the customer signs up for service.
The FCC rules require that ISPs tell customers what types of information the ISP collects, specify how and for what purposes the ISP uses and shares the information, and identify the types of entities with whom the ISP shares the information. The information must be made available to consumers when they sign up for service and must be persistently available on the ISP’s website or mobile app. The rules also require that the ISP notify customers when a breach of security occurs.
Balough Law Offices, LLC assists its clients in developing website terms of service, including privacy policies.