Internet service providers would face tough new restrictions on how they could use the personal information of their customers, including their Web-browsing activity, according to privacy regulations proposed Thursday by a top federal regulator.
In most cases, cable and wireless companies that offer broadband service would need permission from customers to use or share the vast and potentially lucrative trove of data collected about them as they surf the Internet, send email or use mobile apps, the Federal Communications Commission said.
“Simply by using the Internet, you have no choice but to share large amounts of personal information with your broadband provider,” FCC Chairman Tom Wheeler wrote in article on the Huffington Post.
“You have a right to know what information is being collected about you and how that information is being used,” he said.
Wheeler’s plan, which was circulated to the agency’s four other commissioners Thursday, also would require Internet service providers to notify customers within 10 days if there was a breach involving their personal data.
The FCC is expected to vote on the proposal March 31. Wheeler and the two other Democrats who make up the majority of the commission are expected to vote for the measures.
The privacy proposal, applauded by privacy advocates, is the latest front in a battle between Wheeler and the large broadband providers such as AT&T, Comcast and Verizon over Internet regulations.
The companies said they supported stronger privacy protections, but opposed an approach that is tougher on them than on technology companies such as Google, Apple and Facebook, which also gather customer data.
The new regulations would apply only to broadband providers and not to individual websites or social networks, the FCC said.
“Consumers should be able to count on privacy rules that are evenly applied across the Internet economy,” said U.S. Telecom, an industry trade group. “Fragmenting current privacy protections for using the Internet won’t serve anyone well.”
But Wheeler said broadband service providers play a unique role in the Internet ecosystem.
“Your ISP handles all of your network traffic,” he wrote. “That means it has a broad view of all of your unencrypted online activity — when you are online, the websites you visit, and the apps you use. If you have a mobile device, your provider can track your physical location throughout the day in real time.”
Wheeler would use new agency authority over the companies to enact the privacy protections.
Last year, the FCC voted 3-2 along party lines to approve rules for online traffic known as net neutrality. That put broadband providers in the same legal category as more highly regulated conventional telephone companies.
In doing so, the FCC also extended its privacy authority over the broadband companies.
The broadband companies strongly opposed the net neutrality rules and have gone to court to overturn them.
Under the privacy proposal, Internet service providers would be able to use customer data without permission to calculate bills, market improved services and deliver Web pages, email and other data.
Broadband providers would also be able to share customer information with affiliated companies to try to sell other communications-related services unless the customer opts out.
All other uses of personal information would require a customer to give specific permission, or opt in, Wheeler said.
“The bottom line is that it’s your data,” he said. “How it’s used and shared should be your choice.”
Major trade groups representing broadband providers urged the FCC to take a less restrictive approach.
In a March 1 letter to Wheeler, the groups said the agency should follow the long-standing approach of the Federal Trade Commission, which has focused on preventing unfair and deceptive practices.
The FTC rules govern all companies in the Internet community, including companies such as Google and Apple.
In a blog post this week, Bob Quinn, AT&T’s senior vice president for federal regulatory policy, said Internet service providers “do not currently live in a ‘regulatory-free zone’ when it comes to privacy, nor are we asking to live in one in the future.”
“Given the realities of this complex market, there is no basis for treating ISP data as somehow ‘proprietary’ or subjecting ISPs to unique privacy requirements,” Quinn said.
But consumer groups and privacy advocates, who have complained that the FTC’s privacy rules are weak, cheered Wheeler’s plan.
“The proposed FCC opt-in for most consumer transactions can provide a foundation where data is under a person’s control — not a broadband company or some unknown third party,” said Jeffrey Chester, executive director of the Center for Digital Democracy.