The Federal Communications Commission (FCC) just made your online personal information a lot safer. On October 27, the FCC announced new regulations that limit an Internet Service Providers’ (ISPs) ability to give out your personal information to third parties, such as marketing firms. Under these news rules, information will now be broken into two categories, (1) sensitive information and (2) non-sensitive information. Sensitive information includes some of the most personal data, and covers:

  • Browsing history
  • Geo-location information
  • App usage
  • Children’s information
  • Health information
  • Financial information
  • Social security numbers

In order to share this sensitive information, an ISP must now obtain affirmative “opt-in” consent from its customers. Non-sensitive information, which includes emails and service tiers, can be shared freely by ISPs, but a customer can affirmatively “opt-out” and keep that information private as well. And while these new rules do not outright prohibit ISPs from collecting this information, it will still allow a consumer to affirmatively accept their distribution before it is released to third parties. As the chairman of the FCC, David Wheeler, said, “it’s your data. How it is used and shared should be your choice.”

Not everyone is cheering about the new regulations though. Obviously, the big losers here are the marketing and advertising firms who rely on this information to target specific ads to users based on personal criteria such as browsing history and geo-location. But others have levied criticisms against these new regulations, the most common of which is that these new regulations do not fully cover a user’s privacy information, and still lets websites (referred to as “edge providers”) like Facebook or Google—which the FCC does not have jurisdiction over—collect and share this information as they please. This approach has been criticized as uncoordinated and dissenting members of the FCC said these regulations will give an unfair advantage to these edge providers. Others have gone as far as to say these new regulations are misleading, and will lull consumers into a false sense of security, thinking their personal information is safe while still being mined by edge providers.

While these criticisms might be true, these regulations come as a welcoming update to the United States data privacy regulations, which have lagged behind other developed nations, particularly the laws of the European Union, for some time. The executive director of the Center for Digital Democracy, Jeffery Chester, described it as “the best day we’ve had on Internet privacy—commercial internet privacy—maybe ever.”

These regulations will also hopefully represent only the first of many new regulations used to secure individuals privacy online. Following the FCC’s lead, the Federal Trade Commission, which regulates edge providers like Facebook and Google, could pass similar regulations extending the reach of these protections past just ISPs and provide the coordinated effort that critics are looking for. Further, under these new regulations the law could see a broader shift towards a more pro-privacy stance. In fact, some courts have already moved in this direction, perhaps signaling a doctrinal trend. Recently the First Circuit in Yershov v. Gannett Satellite Information Network, Inc. expanded their view of what qualified as Personally Identifiable Information, stating that geo-location information sent from apps to third party marketers violated the Video Protection Privacy Act’s prohibition against sharing personal data.

Regardless of the future impact of these regulations, however, ISP customers worried about their personal information can breathe easier now knowing that they are even just a little bit safer under these new regulations.

— Michael Buschmann







Comments are closed.