FCC Adopts NPRM on Customer Privacy

The FCC has adopted a Notice of Proposed Rulemaking (“NPRM”) outlining a proposed framework that would apply the traditional privacy requirements of Section 222 of the Communications Act to broadband Internet access service (“BIAS”) by focusing on transparency, choice, and data security.  A brief summary of the NPRM is provided below.

The proposed framework is based on a multi-level structure of customer opt-in and opt-out approval that depends on the type of customer information being used or shared.  The goal of this structure is to give customers more control over what information is shared or used by their BIAS provider.  All uses and sharing of consumer proprietary information, with two exceptions explained further below, would require opt-in approval on the part of the customer.  In the NPRM, the Commission also proposes a series of “clear and conspicuous” notice requirements aimed to educate consumers about the BIAS providers’ privacy policies, and to ensure that affected customers are notified in the event of an unauthorized breach.  The majority of the proposed requirements would only apply to BIAS providers, as they were defined by the 2015 Open Internet Order.  However, the policies related to breach are proposed to apply to all telecommunications carriers.  The Commission also seeks comment on whether any of the other policies should apply to additional groups of providers, such as Interconnected VoIP providers or voice communications providers.

FCC Commissioners Pai and O’Rielly both dissented from the NPRM.  Commissioner Pai stated that the NPRM “tilts the regulatory playing field by proposing to impose more burdensome regulation on Internet service providers, or ISPs, than the FTC imposes on so-called ‘edge providers.’”  Commissioner O’Rielly agreed and noted that “instead of taking the time to understand the current privacy landscape, including the FTC’s well-regarded standards and body of precedent, the [NPRM] falls back on the familiar cut and paste job, attempting to force Customer Proprietary Network Information (CPNI) rules and definitions onto broadband.”

Comments will be due by May 27, 2016.  Reply Comments will be due by June 27, 2016.

Please Contact Us if you have any questions.

Recent Posts