Under the new rules, geo-location data, financial information, browsing and app usage history, children’s and health information, and the content of communications will all be deemed sensitive information that require the consumer’s opt-in consent before the provider can use or disclose the information, except to provide broadband service or protect the provider’s network. All other individually identifiable information not deemed “sensitive” will be subject to opt-out consent requirements. Whether the data is deemed sensitive or not, the FCC is requiring that ISPs subject to the rules provide “immediate and persistent notification” of the provider’s privacy practices so that consumers can continue to monitor the use of their data and make changes when desired. A copy of the Chairman’s Fact Sheet summarizing the order can be found here.
In a preview of things to come, Democratic Commissioner Mignon L. Clyburn stated that although she approved of the new rules, she wished the order would have addressed mandatory arbitration clauses in consumer contracts. In a concurring statement, she expressed disappointment that the FCC did not “join the vanguard” of other federal agencies that “have stepped up and declared these provisions unlawful in other contexts.” For his part, FCC Chairman has promised to put in place “an internal process” aimed at producing a notice of proposed rulemaking on arbitration clauses by February of next year.
Arent Fox will continue to monitor the FCC’s broadband privacy rules as more information, and the text of the order, become available. Please contact Alan Fishel, Sarah L. Bruno, and Adam D. Bowser for more information.