The FCC issued a News Release on the NPRM it adopted on March 31, 2016, proposing to establish privacy rules for broadband Internet Service Providers (ISPs) to ensure customers have meaningful choice, greater transparency and strong security protections for personal information collected by ISPs. The NPRM proposes rules implementing the privacy requirements of Section 222 of the Communications Act to give ISP customers choice in how their information is used or shared with third parties. Specifically, to give customers control over the use of their personal information, the NPRM proposes to separate the use and sharing of information into categories: (1) no consent, beyond the customer-ISP relationship, for use of customer data necessary to provide broadband services or for marketing the type of broadband service purchased by a customer; (2) affirmative opt-out consent for use of customer data for marketing other communications-related services and to share customer data with their affiliates that provide communications-related services for marketing such services; and (3) express affirmative opt-in consent for all other uses and sharing of consumer data. The NPRM also proposes transparency requirements, such as ISP notices to customers on the information they collect, use and share with third parties, data security requirements and data breach notification requirements. The NRPM also seeks comment on additional or alternative paths to achieve pro-privacy goals. The FCC stated that this NPRM applies only to broadband service providers and does not include other services such as the operation of social media websites, or issues such as government surveillance, encryption or law enforcement. The NPRM has not yet been released and comment deadlines have not been announced.
