News
U.S. regulator says telcos must seek permission from customers before sharing personal data with third parties.
The U.S. Federal Communications Commission (FCC) has proposed new rules that will give consumers more control over how their broadband provider uses their personal data.
Unveiled on Thursday, the rules centre on three areas: choice, transparency, and security.
Choice means giving consumers the option to opt out of their data being used by their ISP to upsell other communications-related services or share their data with affiliates that also offer similar services. It would also require telcos to seek permission before sharing their customers’ personal information with third parties.
When it comes to transparency, broadband providers must make it clear to customers what information is being collected and under what circumstances it will be shared with other entities.
"When consumers sign up for Internet service, they shouldn’t have to sign away their right to privacy," said the FCC, in a statement.
In terms of security, the FCC said broadband providers must take "reasonable" measures to safeguard customer data. They would also be required to adopt risk management practices, train staff in data security, apply strong customer authentication requirements, and appoint a senior manager with overall responsibility for the use and protection of personal information.
In the event of a data breach, the telco must inform affected customers no later than 10 days after its discovery, and the FCC within seven days.
In cases affecting more than 5,000 customers, telcos must inform the FBI and the U.S. Secret Service within seven days.
The proposed rules do not apply to the privacy practices of Websites like Twitter or Facebook, which are regulated by the Federal Trade Commission (FTC). Crucially, they also do not apply when it comes to government surveillance or law enforcement.
The FCC’s proposals received a mixed response.
Broadband lobby group USTelecom praised the regulator, with president Walter McCormick agreeing that "consumers should be able to count on privacy rules that are evenly applied across the Internet economy."
However, the Information Technology and Innovation Foundation (ITIF) said the proposals are unwarranted, and that privacy rules should be left up to the FTC.
"It is unfortunate that privacy activists have successfully convinced the FCC to ignore the benefits of FTC privacy oversight," said Doug Brake, the ITIF’s telecommunications policy analyst.
He said the FTC’s rules afford the kind of flexibility that supports new business models – i.e., advertising – for funding networks.
"Instead, this vocal minority, who places a much higher price on their privacy than the average consumer, seeks to foreclose on the current balance of privacy with other important values," Brake said.
The FCC is due to vote on the proposals at a meeting scheduled for 31 March. If adopted, the FCC will invite the public to comment on the new legislation.
