The US regulatory agency will require broadband providers to get the approval of customers before sharing their sensitive information.
The Federal Communications Commission (FCC) on Thursday approved new rules governing how internet service providers handle their customers' information. For the first time, ISPs like Comcast, as well as mobile data carriers like Verizon Wireless, will be required to get a customer's permission before sharing their sensitive information.
The rules were first proposed back in March and are part of a new regulatory push that started after the FCC reclassifed broadband companies as utilities under the Telecommunications Act.
The new rules, approved in a three-to-two vote that came down along partisan lines, create tiers of information with different requirements ISPs must follow.
- Opt-in: ISPs must obtain affirmative "opt-in" consent from consumers to use and share sensitive information. The rules specify that "sensitive information" includes precise geo-location, financial information, health information, children's information, social security numbers, web browsing history, app usage history and the content of communications.
- Opt-out: ISPs can use and share non-sensitive information unless a customer opts out. This category includes individually identifiable information that doesn't fall into the "opt in" category, such as email addresses or service tier information.
The new rules also include requirements for ISPs to protect consumer information and keep customers informed of their practices. Specifically, they call on ISPs to give consumers clear and persistent notice about the information they collect, how it may be used with whom it may be shared and how customers can change their privacy preferences. It requires ISPs to engage in reasonable security practices and gives guidelines for steps they should consider taking, such as implementing customer authentication tools. Lastly, the rules require ISPs to inform consumers and law enforcement about data breaches...