The FCC has adopted rules that require broadband Internet Service Providers (ISPs) to protect the privacy of their customers and ensure customers have meaningful choice, greater transparency and strong security protections for personal information collected by ISPs. To provide consumers with control over the use of their personal information, the rules establish a framework of customer consent required for ISPs to use and share their customers’ personal information based on the sensitivity of the information. Specifically, the rules adopted, among other provisions, require ISPs to notify customers about the types of information collected, specify how and for what purposes the ISP uses and shares this information, and obtain affirmative opt-in permission from customers to use and share sensitive information, such as precise geo-location, children’s information, financial information, health information and other sensitive information. The rules allow ISPs to use non-sensitive customer information unless the customer affirmatively opts-out of allowing such use. ISPs must also take reasonable measures to protect customer information from breaches involving unauthorized disclosure of a customer’s personal information and to notify customers when breaches occur. Exceptions to the consent requirements include the provision of broadband service or billing and collection. The rules do not apply to the privacy practices of web sites and other edge services over which the Federal Trade Commission has authority and do not cover other services provided by a broadband ISP, such as the operation of a social media website, or issues such as government surveillance, encryption or law enforcement.
