The Federal Communications Commission recently voted to protect broadband customers’ information from collection and sale by ISPs. It sounds like a victory for privacy advocates, but how much will it actually do to protect you?
As you might expect, these restrictions are complicated, so determining just how much they’ll protect your privacy is difficult. But we’ve taken a look at what the regulations entail, what companies will be required to do, and how they’ll likely react. Here’s everything you need to know.
You might not realize it, but, as the FCC says, “[e]very day, consumers hand over personal information — including very sensitive information — to their ISPs simply by using their service.” The websites you visit, the software you use, other browsing habits, and any information you send over the internet travels through your ISP before it gets anywhere else.
And before these regulations, ISPs could sell that information without getting your permission. If you aren’t running a VPN, there’s a good chance that your ISP is selling your browsing habits to advertisers. Granted, the sites you visit are also probably selling that information, but it feels like more of a choice when you can simply decide not to visit a different site. Your ISP, though, isn’t much of a choice (at least in the United States).
Opt-In and Opt-Out
Now, however, ISPs have to get your consent for some of that collection and sale. Specifically, they’ll require opt-in for collecting and sharing sensitive information, which includes the following:
- Precise geo-location.
- Children’s information.
- Health information.
- Financial information.
- Social Security numbers.
- Web browsing history.
- App usage history.
- The content of communication.
If your ISP wants to collect any of this information, they’ll need to specifically ask you for permission. If you say no, they can’t. It’s that simple.
Non-sensitive information, however, requires opt-out, which means you’ll have to find the right option in your ISP account to make sure it’s not collected and sold. What’s “non-sensitive” information? The FCC defines it as “[a]ll other individually identifiable customer information — for example, service tier information.”
In addition to these pieces of information, ISPs can collect some things without consent. Here’s what the FCC says about that:
Customer consent is inferred for certain purposes, including:
- Use and sharing of non-sensitive information to provide and market services and equipment typically marketed with the broadband service subscribed to by the customer.
- To provide the broadband service, and bill and collect for the service.
- To protect the broadband provider and its customers from fraudulent use of the provider’s network.
These three tiers of protection form the backbone of the FCC’s new regulations. It also bans ISPs from denying service to customers who want to opt out of information sharing, re-identifying anonymized data, and dragging their feet when reporting breaches.
All in all, it’s a victory for privacy, even if some advocates would have liked it to go farther.
As you might expect, ISPs are very unhappy about these rules. They make a lot of money selling your information, and allowing consumers to prevent that sale could put a small dent in their bottom line.
One of the issues that really irks Verizon, Comcast, AT&T, and other service providers is that internet companies aren’t subjected to these rules. That means Facebook, Google, eBay, and similar companies can sell whatever they want. ISPs, however, have been classified as telecommunications companies, which puts them under the purview of the FCC (this is a crucial part of net neutrality legislation in the U.S.). The Federal Trade Commission, on the other hand, regulates internet companies.
Both AT&T and Google have protested the ruling, and we’re likely to see a lot more protest in the near future. A number of ISPs are expect to launch a raft of lawsuits against the FCC next year. Because the regulations are so new, it’s difficult to know which strategies the ISPs will use, but you can be certain that the lawsuits will continue for a long time.
Will the FCC’s new regulations help protect your privacy? At least in the short term, the likely answer is yes. The opt-in/opt-out requirements will go into effect “approximately 12 months after publication of the summary of the Order in the Federal Register,” which gives providers at least a year until they have to comply. We can only hope the FCC’s regulations are upheld in court before then. Smaller providers get an extra 12 months before they need to comply.
The efficacy of these rules will largely depend on how well the FCC defends its decisions in court. AT&T, Verizon, and Comcast are colossal legislative forces. AT&T’s pending acquisition of Time Warner and Verizon’s plan to buy Yahoo! will make them even more powerful, which likely has the FCC nervous.
However, the FCC did successfully stand up to these companies in classifying ISPs as telecommunications providers in the interests of net neutrality. ISPs will likely make this a nasty, very drawn-out fight between consumers’ best interest and their own profits.
Let’s hope that our interests win out this time.
What do you think of the FCC’s new regulations? Should the FCC be regulating this type of issue? Do you think ISPs will stand for consumer protection, or will this measure get overturned in court? Share your thoughts in the comments below!