WASHINGTON — Federal regulators on Thursday proposed a set of privacy rules for Internet service providers that would significantly curb the ability of companies like Comcast and Verizon to share data about their customers’ online activities with advertisers without permission from users.
In the proposal, before the Federal Communications Commission, the agency’s chairman, Tom Wheeler, called for broadband service providers to disclose clearly how data may be collected about users’ online browsing and other activities. The plan also called for the companies to bolster the security of customer data.
The proposal, if approved, would for the first time establish privacy rules for the companies that manage the traffic of the web and would create some of the strongest privacy regulations for any segment of the technology and telecommunications industries. They represent the first major regulatory action involving broadband providers after the F.C.C.’s declaration last year that high-speed Internet carriers should be treated like utilities.
In a statement, Mr. Wheeler said that since Internet service providers handle all network traffic, the companies have a “broad view of all of your unencrypted online activity.” He added that “even when data is encrypted, your broadband provider can piece together significant amounts of information about you — including private information such as a chronic medical condition or financial problems — based on your online activity.”
The proposed regulations would put broadband providers under stronger privacy oversight than Internet companies like Google and Facebook. Those companies are monitored by the Federal Trade Commission, whose ability to create specific privacy rules is limited.
Many privacy advocates have pushed for a greater role by other agencies because the F.T.C. cannot create rules for online privacy and can only monitor data collection practices as an enforcement agency.
“This is nothing short of a historic moment,” Jeffrey Chester, executive director of the Center for Digital Democracy, a privacy advocacy group, said of the proposed new rules. “Unlike the Federal Trade Commission, the F.C.C. has the legal authority to enact safeguards that will allow an individual to have real control over how their information can be gathered and used.”
Some privacy experts said an Internet service provider was capable of stitching together a more complete picture of a consumer by tracking the sites the consumer visits using its network. Because more devices in the home are now being connected to Wi-Fi, the broadband providers also have more ways to collect data on their customers for online advertising, said Harold Feld, a senior vice president of the nonprofit media advocacy group Public Knowledge.
In an enforcement action against Verizon this week, the F.C.C. found that the company was using “supercookies” to continue tracking the activity of users through mobile browsers even when the customers tried to delete cookies from browsers and clear their browsing histories. Cookies are small files created by sites that are stored on devices and used to track activity.
Under the proposal, broadband service providers could still collect and share data with other communications-related affiliates without permission. That would allow Verizon’s broadband business, called Fios, for example, to give personal information about a user to its wireless service to market mobile data plans.
But the Internet service providers would not be able to share data with noncommunications partners without permission. This would prohibit a broadband service like Google Fiber from blending consumer information with search, maps and email habits of a consumer, the F.C.C. said. Verizon also would not be able to share customer data with AOL, a media site it owns, without permission.
The F.C.C.’s proposal drew protest from telecom and cable companies, which have pointed to the F.T.C. as a strong privacy enforcer. The F.C.C. has argued that after it reclassified broadband as a utility, it was compelled by law to create privacy rules.
In a recent blog post, AT&T said Internet service providers were collecting less data as more sites became encrypted. Also, consumers are choosing virtual private networks that prevent broadband providers from seeing the sites people visit, the company said. Websites like Google are leading behavioral advertising companies that should be held to the same standards as broadband access providers, AT&T said.
“Given the realities of this complex market, there is no basis for treating I.S.P. data as somehow ‘proprietary’ or subjecting I.S.P.s to unique privacy requirements,” wrote Bob Quinn, senior vice president for AT&T’s federal regulatory affairs, referring to Internet service providers. “Consumers expect and deserve consistent privacy protections for their online data, regardless of which company is collecting it and the technology used to collect it.”
The F.C.C. will vote on the proposal on March 31 and then will begin to take public comments, in what will be a monthslong process before final rules are considered.
Read More at The New York Times