Tech by VICE

You May Soon Be Able to Restrict How Your ISP Uses Your Personal Data

FCC Chairman Tom Wheeler wants consumers to have more control over the data they share with their ISP.

by Nicholas Deleon
Mar 10 2016, 8:52pm

Image: TechCrunch/Flickr

The Federal Communications Commission no longer wants the immense treasure trove of data that you unwittingly provide to your internet service provider, including the websites you visit and the search terms you type into Google, to be sliced and diced and sold to marketers.

On Thursday, FCC Chairman Tom Wheeler announced a proposal that would give people like you and me the ability to prevent ISPs from sharing their personal information with third parties. The proposal divides data-sharing into three broad categories: 1) Times when ISPs do not need permission to use consumer data, such as for billing purposes or for the marketing of their own additional services; 2) Times when consumers can opt-out of having their personal information used, including the sale of their personal information to "affiliates" for the purposes of marketing; and 3) Times when consumers must proactively opt-in to having their personal information used, which is "all other uses and sharing of consumer data" not described in the first two categories.

"Your ISP handles all of your network traffic," Wheeler wrote in an op-ed for The Huffington Post. "That means it has a broad view of all of your unencrypted online activity—when you are online, the websites you visit, and the apps you use… Even when data is encrypted, your broadband provider can piece together significant amounts of information about you—including private information such as a chronic medical condition or financial problems—based on your online activity."

The FCC will vote on the proposal at its March 31 meeting. As is the case with all Notices of Proposed Rulemaking, if the agency votes in favor of the measure two comment periods will then follow. It's then up to the FCC to draft and then pass the rules without any specific deadline.

The measure would also require ISPs to inform customers of a data breach affecting their personal data within 10 days of discovery. The FCC and FBI must be notified of the breach within seven days.

Reaction to the FCC proposal was mixed among privacy rights activists, some of whom felt it leaves ISPs with too much power over how they use consumers' personal data.

"The emphasis of these rules is permissive," said Peter Micek, global policy and legal counsel at Access Now. "It allows [ISPs] to use customer data in any way, only requiring opt in for some uses. The rule, as proposed, would allow private data to be shared or sold to marketing companies that create detailed profiles of customers. And yet, the rules provide few positive rights for consumers. There is no new right to access, modify, or delete this personal information, or to take that data to another provider if a customer wishes to switch ISPs."

Free Press, another privacy rights group, welcomed the proposal, praising the FCC for "taking the first step toward fulfilling its responsibility under Title II to protect the privacy of all telecommunications customers."

"This is an issue which touches the life of every connected consumer, and we are pleased to see the Chairman taking a stand on such a critical topic," said Meredith Rose, a staff attorney at Public Knowledge. "While we acknowledge that the Chairman did not adopt all of the recommendations we made in our research, today's release and the forthcoming Notice of Proposed Rulemaking represent a substantial step forward for consumer privacy."