The Federal Communication Commission (“FCC”) has recently passed a set of rules that significantly improve consumer privacy. After last year’s new net neutrality and Internet laws were passed, Internet service providers (“ISPs”) were re-classified as “common carriers.” As such, the FCC gained jurisdictional oversight over the broadband services provided by telecommunication companies like AT&T, Time Warner, and Comcast.
These new FCC rules require ISPs to secure permission from consumers before collecting sensitive personal information on them. Specifically, ISPs must now ask consumers to “opt-in” in order to collect personal information such as browser history and habits, application usage, and geolocation information. Furthermore, the FCC now also requires ISPs to disclose to their customers how their personal information is being used and who they are sharing the information with.
The FCC’s new rules have some detractors. For example, many of the affected cable companies argue that the collection of personal information and analytics is integral to their pricing models and allows for the shifting of costs away from the consumer. Similarly, these companies also argue that the new requirement of “opting-in” may result in the unwanted effect of customers missing out on exciting new features in development or beta stages. In exchange for having customers beta test new services, many companies offer discounts in exchange for bug and error reporting. These new rules, companies argue, would hinder their ability to offer such deals.
Similarly, some experts also warn that the shifting in oversight from the Federal Trade Commission (“FTC”) to the FCC may be confusing to companies and legal practioners alike. In particular, it is notable that the new FCC rules apply only to the common carrier and broadband aspect of cable companies like AT&T and Time Warner. Certain Internet services (e.g., mobile applications) would not be subject to the FCC’s regulations. Instead, they would still remain under the FTC’s oversight. Likewise, Internet giants such as Google and Facebook do not qualify as “common carriers,” and as such, would not be subject to these new privacy requirements.
Moreover, while the FCC had passed these rules in October, they are not expected to go into effect until one year after publication in the Federal Register, which may push the actual implementation of these rules into late 2017 or early 2018. Additionally, broadband providers such as AT&T and Comcast have vowed to challenge these new rules and pursue court and legal interventions. Despite this, however, if these new rules were to go into effect, it will bring U.S. consumer privacy protection more in line with current European privacy protection.