In the first case, consent is “apparent,” meaning ISPs would be well within their rights to use consumer data for purposes, as Wheeler put it, that “are consistent with customer expectations,” including billing for the service provided and enabling people to visit websites of their choosing.
Next, ISPs would be also allowed to market to their subscribers – upsell a faster connection speed, for example – unless a customer opts out. They could also share data for marketing purposes with affiliates that provide communications-related services. So, in theory, AOL could target Verizon subscribers to buy dial-up. (Hey, some people still use dial-up.) Same deal with opt-out, however. If a consumer opts out, that’s the end of the road.
And then in the final category is everything else. Broadband providers would need to get explicit consent from their subscribers to share any other type of information with third parties.
It’s still early days – the FCC’s proposal first needs to be adopted at its March 31 open meeting, followed by a period of open comment – but telcos are no doubt hoping they didn’t count their chickens too early. Verizon, in particular, has 4.4 billion reasons to be worried.
A large part of the value proposition behind Verizon’s AOL acquisition is the potential to capitalize on user data for advertising purposes.
At the very least, the FCC is certainly paying attention. On Monday, it concluded its probe into the Verizon supercookie saga with a $1.35 million settlement in which the telco agreed to be more transparent about its targeted advertising programs and to provide consumers with clearer notice and choice options.
The settlement sum may be paltry, but the signal is clear.
Although the FCC’s broadband privacy proposal is only the first step in what will be a long process, the gauntlet has been thrown. In answer to the question, “What’s your next battle?” Wheeler gave The Verge a one-word answer in an interview on Wednesday: “Privacy.”
But beyond getting approval at the end of March, the FCC will also have to take steps to update Section 222 of the Communications Act of 1934, a hoary piece of federal legislation that regulates the privacy of consumer information. As of now, Section 222 applies to voice services, not broadband. The FCC acknowledges it’s going to have to update the regs to include broadband data transmission, as well as address how to handle mobile and sensitive data sets like location.
The FCC has been busy, though. It recently reclassified broadband so that it falls under new net neutrality rules passed in February 2015, a move that ostensibly gives it the authority over broadband policy normally held by the Federal Trade Commission.
Although the FCC is taking a hard line, it’s important to note that its proposal doesn’t apply to the privacy practices of the actual websites users choose to visit or to players such as Google, Facebook and Twitter.
It’s a fact that sticks in the proverbial craw of some telcos. In a blog post, AT&T voiced its concerns about the FCC’s plans, arguing that the current framework is sufficient enough to protect consumer privacy.
“Some groups … have characterized ISPs as ‘gatekeepers,’ asserted that ISPs (as opposed to companies like Google) are the real leaders of targeted advertising and, finally, argued that the Federal Trade Commission is, in essence, incompetent at policing privacy given the tools they have available,” wrote AT&T. “With all due respect to those groups, their arguments are just not borne out by the facts.”
But the Interactive Advertising Bureau is on board.
“The ability of web users to easily access the free, ad-supported online news, information, and entertainment they enjoy — with effective notice, choice, and transparency — is a top priority for the IAB, and we look forward to working with the FCC to ensure that such freedom continues,” said Dave Grimaldi, the IAB's EVP of public policy.