Internet service providers will have to adhere to stronger privacy standards, policed by the country’s top telecom regulator, for the first time after the Federal Communications Commission voted Thursday to approve new rules.
The regulations will require providers to receive explicit customer consent before using an individual’s web browsing or app usage history for marketing purposes.
The broadband industry fought to keep that obligation out of the rules. The inclusion of the language marks a victory for privacy advocates, who have pushed the FCC to make the rules as strong as possible since the agency introduced its proposal in March.
Commissioners approved the rule 3-2, with a split between Republican and Democratic members.
Enforcement of privacy regulations over internet service providers now shifts solely to the FCC, while the Federal Trade Commission will remain in charge of the privacy practices of internet companies like Facebook Inc.
FCC Chairman Tom Wheeler said the first-of-their-kind privacy rules are “rational.”
“We’re extending to the internet the same kinds of concepts that we have for decades extended to the telephone network,” Wheeler said today. “And that concept is simple: The network can’t use the information without the consumer’s permission.”
The regulations are designed to improve internet service providers’ transparency over their privacy policies, consumer control over what’s done with their personal information and data security rules.
Internet service providers, Republicans at the agency and Google Inc. all pushed for the FCC to adhere more closely to the FTC’s privacy framework, arguing the two halves of the internet should be regulated in the same way. The FTC does not require companies seek consumer consent for using browsing or app usage history.
Like the FTC, the FCC’s rules also require broadband providers to obtain explicit consent from customers before using “sensitive” information for marketing. The FCC defines sensitive data as the content of communications, Social Security numbers and financial, health and precise geolocation data, as well as information related to children.
Web browsing and app usage history is also defined as sensitive, breaking from the FTC’s framework.
Internet service providers serve as the avenue for Americans to get online, meaning they have the ability to paint a detailed picture of individual behavior, according to privacy advocates and FCC Democrats.
Service providers, advertising networks and data analytics companies get your personal information, and “lots of it, for a long time,” Democratic Commissioner Jessica Rosenworcel said at Thursday’s vote. “Our digital footprints are no longer in sand. They are in wet cement.”
“It is the consumer’s information,” Wheeler said. “It is not the information of the network that the consumer hires to deliver that information.”
Business-friendly advocates aren’t happy. The rules set “a terrible precedent likely to reverberate throughout the Internet ecosystem for years to come,” Doug Brake, a telecom policy analyst at the Washington-based Information Technology and Innovation Foundation, said in a statement Thursday.
“Counting browsing and app history as sensitive data are a particularly disappointing departure from the flexible oversight regime that has helped make the U.S. data-fueled economy the envy of the world,” Brake said of the differences with the FTC’s framework. “It would create a rigid regulatory regime that would limit the use of virtually all data that can be put to economically beneficial uses.”