FCC Proposes New Broadband Privacy Regulations

This one isn’t an April Fools’ prank.  On April 1, 2016, the Federal Communications Commission (“FCC”) announced its proposed rulemaking to create regulation that would bind Broadband Internet Access Service (“BIAS”) providers in the interest of enhancing privacy towards consumers.  This proposal has raised objections from AT&T, Comcast, USTelecom, and the Application Developer’s Alliance, claiming that the ensuing regulations would create a morass of regulation in the privacy sphere.  Yet, the FCC’s regulations are to prohibit the monetization of the information that these providers would have due to the use of their services.  So, what is a BIAS and how could these rules possibly protect privacy?

What is a BIAS provider?

The BIAS providers provide internet service through wire or radio.  The FCC even expands this to any functional equivalents to BIAS providers. Of some note is which entities are not BIAS entities.  For example, companies like Facebook, Apple, and to some extent, Google, would not be bound by the terms here and could use the information that is collected through their services.  This is because none of them actually provide the internet service that their consumers use.  There is some room for Google to be prohibited as it provides internet service in some locations through Google Fiber, but the regulations would only prohibit the information that was gained through the use of its internet services, but not services that it provides towards online consumers.  Thus, Google’s Fiber service would likely be prohibited from using consumer’s personal information, while Google’s YouTube service would not.

How could this protect privacy?

The proposed regulations focus on consumer permission and prohibition on sharing the information.  In addition, the polices would have to disclose plainly what sort of data is collected, how it is collected from the consumer, shared by the provider, and used by other individuals. In addition, the data usage would then have to be approved by the consumer on some level.  Thus, if a consumer chose to engage in an ad-supported service, then he/she is permitted to take such steps.  The focus is less of an outright ban and more of a task to enlighten consumers and give them more tools in order to protect their privacy rights.  There are other requirements being proposed.  For example, information not being directly linked to one device, or one person after aggregating the data.  This would prevent the re-identification of individuals by gathering all of their data from an Internet service provider.

The proposition would also take some data security into account, and would require risk management assessment, employee training on data security, due diligence, customer authentication procedures to gain access to personal information.  Ultimately, all of this is to put further protections on the consumer data and try and avoid cybersecurity incidents.  However, this is all still a proposal, and the FCC still has unfinished work.

At our law firm, we assist clients with legal issues related to business, technology, and e-commerce transactions.  You may contact us to set up an initial consultation.