Big Win: FCC Adopts Landmark Internet Privacy Rules

On October 27, 2016, the Federal Communications Commission adopted privacy protections that place consumers in charge of the sharing of sensitive personal information by broadband Internet access providers. The rules, which are unprecedented in the United States, will stop Internet access providers from misusing customers’ browsing history, online communications and use of apps.

The Consumer Federation of California congratulates FCC Chair Tom Wheeler for his leadership in drafting these regulations, and Commissioners Clyburn and Rosenworcel for voting to protect our private information. The three Commissioners withstood massive pressure by AT&T, Verizon, Comcast and other Internet access giants who would prefer to have unfettered power to profit off of our most private data.

CFC submitted formal comments and reply comments on the regulations to the FCC. Through our Privacy Revolt! campaign, we collected and submitted 5,880 individual comments to the FCC calling on the agency to adopt strict privacy regulations.

“It’s the consumers’ information,” said FCC Chairman Tom Wheeler. “How it is used should be the consumers’ choice. Not the choice of some corporate algorithm.”

CFC participated in a coalition of 35 consumer, privacy and civil rights groups supporting the FCC rules.  Internet access providers and advertising industry lobbyists were quick to condemn the FCC, claiming that enabling consumers to decide for themselves about information sharing would imperil the existence of the Internet. Corporate trade associations suggested that they would flex their contribution-fueled muscles on Capitol Hill and launch lawsuits to repeal the regulations.

The FCC regulations cover Broadband Internet Access Service (BIAS) providers, who are the gatekeepers to the Internet.  The FCC action stems from its 2015 decision to regulate Internet access providers as common carriers, or utilities, comparable to phone companies, in its Net Neutrality proceedings. The new FCC privacy regulations do not cover so-called “edge” providers, such as Google, Amazon, Twitter and Facebook, because the Federal Trade Commission (FTC) regulates these businesses. CFC believes the FTC should take prompt action to establish similar privacy rules for edge providers.

The new FCC rules prohibit Internet access providers from sharing with third parties sensitive data including personal financial, medical or geolocation data, children’s information, web browsing history or online communication data unless a consumer willingly opt-ins to authorize sharing.

The FCC deferred to a future day any action on two key privacy rights issues:

CFC urged the FCC to prohibit pay-for-privacy schemes, such as a $29 monthly fee that AT&T had charged high speed broadband customers to safeguard their sensitive data. (AT&T abandoned its pay-for-privacy fee in September, bowing to an outcry from consumer advocates, and undoubtedly not wanting to be the poster child for corporate privacy extortion in the FCC rulemaking).

CFC also urged the FCC to prohibit any pre-dispute mandatory arbitration clauses in Internet access contracts. CFC believes consumers have the right to their day in court when privacy violations occur.

The CFC looks forward to working with the FCC when it tackles these vital issues.

The new FCC rules will take effect in about fifteen months for the major broadband Internet access providers. Smaller providers will have an additional year to implement the regulations.