The Federal Communications Commission (FCC) today imposed new rules on broadband Internet Service Providers (ISPs) aimed to protect consumer privacy.
The new rules require ISPs to distinguish between what the FCC calls “opt-in” and “opt-out” categories of collected data:
- Opt-in: This is a category of information that is considered sensitive, including precise geo-location, financial information, health information, children’s
information, social security numbers, web browsing history, app usage history and the content of communications. The ISPs are required to obtain affirmative “opt-in” consent from consumers to use and share this information with 3rd parties like advertisers.
- Opt-out: This category is for less sensitive individually identifiable customer information – for example, email address or service tier information. ISPs would be implicitly allowed to use and share this non-sensitive information unless a customer “opts-out.”
The rules also set requirements for broadband providers to follow the industry best practices for customer data security, disposal, and breach notifications.