Modern field guide to security and privacy

What the FCC privacy push means for consumers, Internet providers

The Federal Communications Commission has proposed new security and privacy standards for broadband providers. Industry groups complain the proposal goes too far.

|
Carlos Barria/Reuters
FCC Chairman Tom Wheeler at a Senate hearing in May 2015.

In a move toward becoming a more robust privacy cop, the Federal Communications Commission this week released a draft framework for how broadband providers should safeguard consumer data.

The proposal aims to give individuals controls over how Internet providers and telecommunication companies collect and use their information. It would also put greater responsibly on broadband providers for securing personal information.

While critics say the FCC is going too far in trying to police online privacy and just layering more rules onto an already over-regulated industry, privacy advocates hailed the FCC's move as an important step forward toward improving consumer privacy and security.

"Given the importance and the urgency of making the communication sector is secure," said Harold Feld, senior vice president at the advocacy group Public Knowledge, "it certainly makes sense to have the FCC apply its expertise to this area."

One of the most significant aspects of the draft is the requirement that consumers must consent before companies can share their information with third parties for any reason other than marketing and billing. This "opt-in" policy differs from the current "opt-out" structure that many broadband providers adhere to.

Additionally, the framework calls on broadband providers to notify affected customers of a data breach within 10 days of discovering the issue and the FCC within a week.

The framework is part of the FCC's newly designated authority over broadband providers. Previously, broadband providers fell under the joint jurisdiction of the FCC and Federal Trade Commission (FTC). But that changed with the FCC’s ruling on net neutrality last year, which sought to prevent Internet service providers, or ISPs, from favoring or blocking online content.

Broadband providers were reclassified from a "utility" to a "common carrier," bringing them directly under the FCC's control and excluding them from the FTC's sphere of authority. The providers wouldn’t be subject to net neutrality requirements if they were still classified as a "utility."

What that means is now the FCC has the ability to exercise its rulemaking powers on broadband companies. Whereas the FTC relied on setting precedent with specific rulings following cases over corporate infractions, the FCC can proactively establish rules to address issues such as privacy.

"Its rulemaking authority gives it a tremendous advantage over the FTC," said Mr. Feld.

Penalties, Feld said, could include withholding federal subsidies from a provider if that provider fails to adequately protect its customers' information, requiring providers to implement a data security training program for its employees. The FCC can also require audits.

Fines, on the other hand, are likely to resemble past FCC action against companies. For instance, the agency fined Verizon Wireless $1.35 million for violating a transparency rule that requires ISPs to inform their customers about their network management practices.

Verizon used a pervasive tracking cookie for two years without disclosing it to their customers or obtaining consent for such a practice. AT&T is also currently contesting a $100 million fine from the FCC for cutting down the Internet speed of its unlimited data plan customers without properly notifying them. 

While the broadband aspect is recent, privacy enforcement isn't an entirely new role for the agency. In 2007, the FCC issued data protection requirements for telecom providers to avoid data breaches or "unauthorized disclosure," part of which was a requirement to notify customers of a breach.

In a recent letter to the FCC signed by 12 privacy groups, including Public Knowledge and the Electronic Privacy Information Center (EPIC), privacy advocates urged the agency to place the burden of ensuring privacy on companies instead of consumers.

"We think that privacy shouldn’t be a privilege. It should be for everyone. It should be a human right and be treated as such," said Claire Gartland, consumer protection counsel at EPIC. 

But as privacy advocates have cheered the FCC's draft privacy rules, the telecom industry is pushing back. Five telecoms, in a separate letter, argued for a looser framework.

Instead of mandating specific actions providers should take to protect various data, the letter said, the framework should lay out a privacy goal and let each telecom decide how to meet that. The letter also expressed a desire for breach notifications to customers and a data security program. Their suggestion for transparency about their data collection and sharing practices does not specify whether it would resemble something akin to a privacy policy or notice for each instance of such collection.

At the end of the month, the FCC will take the proposal to a vote and open a period for public comments, after which it will review and respond to the comments submitted. A final ruling will follow.

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to What the FCC privacy push means for consumers, Internet providers
Read this article in
https://www.csmonitor.com/World/Passcode/2016/0311/What-the-FCC-privacy-push-means-for-consumers-Internet-providers
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe