On October 27, 2016, The Federal Communications Commission (FCC) adopted rules requiring internet service providers (ISPs) to give consumers more control over the use of their web browsing and other information by requiring ISPs to obtain opt-in consent to use customers’ web browsing history or app usage. Because the rules do not apply to social media platforms, websites, or apps, ISPs have protested.
New rules for ISPs include:
- Giving consumers clear notice about the collection, use, and sharing of their information;
- Obtaining opt-in consent to use and share “sensitive” personal information
- Sharing and use of non-sensitive personal information will generally be subject to opt-out consent;
- Use and share of de-identified information in certain circumstances without obtaining consent;
- Developing and implementing reasonable security practices to protect customer data;
- Prohibiting refusal to serve customers who don’t consent;
- Discounting or giving other incentives in exchange for customer consent must comply with heightened disclosure requirements;
- Notifying customers (and, in certain cases, regulators) within 30 days of determining that an unauthorized disclosure of customer personal information has occurred.
The final FCC Rules may provoke a challenge by ISPs who have never been subject to such consumer privacy rules in the past.