The new FCC privacy rules are here, and nobody is happy

The FCC has formally approved its new rules for internet service providers on the handling of customer data, and it seems few people on either side are particularly happy.

The rules, adopted Thursday [PDF] by the commission after months of debate, call on any company currently providing broadband service to obtain opt-in consent for collecting and sharing personal information, and to allow an "opt-out" mechanism for less-identifiable information such as email addresses.

The rule passed in a 3-2 vote along partisan lines.

"The rules ensure broadband customers have meaningful choice, greater transparency and strong security protections for their personal information collected by ISPs," the FCC says of its new rules.

Opponents, meanwhile, believe that the new rules place unnecessary restrictions on companies and mislabel certain types of information, such as browsing history, while also failing to connect to similar data protection guidelines used by the FTC.

"This order is a vehement rejection of the type of US regulatory oversight that has allowed US businesses to thrive online, and a sharp reversal from past claims that the US government is committed to using multi-stakeholder processes for creating Internet-related policies," argues Doug Brake, a telecom policy analyst for the Information Technology and Innovation Foundation.

"Instead, it would create a rigid regulatory regime that would limit the use of virtually all data that can be put to economically beneficial uses."

Meanwhile, privacy advocates say that the FCC's rules don't go far enough in protecting consumers from having their personal information sold off by their ISP without consent.

"The FCC's new privacy rules board up the windows while leaving the doors unlocked," says Congressman Rick Boucher (D-VA), chair of the House Energy and Commerce Committee's Subcommittee on Communications.

"Rather than expanding the definition of sensitive data to include all web browsing and app usage history, the FCC should adopt the FTC's more sensible framework as the privacy requirements for ISPs so the entire internet ecosystem is governed by the same rules. The bifurcated system that the Commission has created will surely harm consumers by creating confusion."

Still others hope that the FCC will seek to further expand protections. The Center for Democracy and Technology (CDT), a non-profit organization in Washington, DC, says it will be pushing the commission to add machine-specific data, including IP and MAC addresses, to the newly-passed rules.

"The broadband privacy rule sets an important standard for protecting internet users," the center said.

"CDT will work to support and expand the protections in the rule, as well as baseline privacy laws that will uniformly protect consumers throughout the digital ecosystem." ®