New America’s Open Technology Institute recently supported the Federal Communications Commission’s (FCC) proposed rules requiring broadband providers to protect their customers’ confidential data, including personal information like name, address, and Social Security number, as well as technical data like device identifiers. Consumers deserve strong privacy protections for the data they must share with their broadband providers. We also suggested changes to further protect consumers.
Consumers should be protected against exploitative uses of their data by broadband providers because they can’t avoid sharing all their data to receive the services (Internet access) they purchased. Broadband providers have access to and collect essentially everything about their customers, including that you are reading this blog post right now, and therefore can glean complete pictures of their customers activities, habits, even when the customer is home. Right now, this information can be used or sold for nearly any purpose.
People are increasingly more concerned about their online privacy. Recent data show that eighty percent of consumers want stronger privacy protections online and that people’s concern for their online privacy has deterred them from engaging in certain online activities. In the broadband context, people are often faced with a false choice: either access the Internet and lose all privacy protection, or protect your privacy by foregoing Internet access entirely. The FCC’s proposal will help ensure consumers are not forced to make that choice.
OTI’s key recommendations to the FCC are outlined below.
The FCC should apply its proposed privacy protections in a broad manner, ensuring maximum consumer protection. We agreed with the FCC that the increased privacy protections should include current as well as former customers and applicants for service. We also agreed that terms defining the types of data protected should be defined broadly. However, we suggested, for instance, that the FCC should provide further guidance on what it meant by certain types of data like “information relating to family members.” We also recommended protecting content by disallowing use of “deep packet inspection” without opt-in consent.
Customers must be able to choose how broadband providers use their data, and the default must be opt-in consent in most, if not all, circumstances. The FCC’s opt-in requirement is the centerpiece of the proposal and the reason the proposal is so strong--that principle should not be changed. Broadband providers should also provide meaningful notice and consent regarding specific privacy practices, and the opt-in/opt-out process should be simple and easy.
Customer data must be secure and customers must know when their data is breached. Broadband providers must protect their customers’ data, which includes robust encryption. Data breach notification to customers should be mandatory for all broadband providers. Broadband providers should not be in a position of deciding whether customers should be informed of a data breach. They should always be informed.
The FCC should also ban certain coercive practices. Broadband providers should not be able to offer services that require customers to completely give up their privacy rights. Similarly, broadband providers should not be able to offer services where they penalize privacy-conscious customers by forcing them to pay a higher subscription fee.
Overall, the FCC’s proposal is strong, fair, and reasonable. It will protect consumers and (finally) give them the choice over how broadband providers handle their data.
Find OTI’s full filing here.