On November 2, 2016, the Federal Communication Commission (FCC) released their broadband privacy protection order, which came almost 18 months after the FCC reclassified broadband internet service (BIAS) as a common carrier telecommunication service under Title II of the Communications Act (the Act). The order communicates three main goals to be accomplished via the expanded consumer privacy standards: transparency, choice, and security for customers.
The FCC explained that expanded privacy protections for consumers are necessary because ISP’s have “untethered” access to their customer’s internet information. The order broadened the definitions of “telecommunications carrier” to include all carriers providing telecommunications services subject to Title II and “customer” encompassing current, former, and applicant customers. Three types of customer propriety information (PI) are included within the scope of the new rules: customer proprietary network information (CPNI); personally identifiable information (PII), defined as “any information that is linkable to an individual or device”; and “content of communications”, defined as “any part of the substance, purport, or meaning of a communication or any other part of a communication that is highly suggestive of the substance, purpose, or meaning of a communication.” Any “de-identified” data is not subject to the new rule.
To accomplish transparency, the FCC adopts privacy policy notice requirements mandating that ISPs provide easy access to “clear and conspicuous, comprehensible, and not misleading information about what customer data the carriers collect, how they use the data, who it is shared with and for what purposes”, including the categories of entities to which the carrier discloses access to customer PI, and “how customers can exercise their choices regarding privacy options.” These notices must be provided at the point of sale prior to purchase and advanced notice of material changes must be provided to existing customers.