According to a Report and Order issued in late October, the new rules establish a framework of customer consent that Internet service providers (ISPs) will be required to use. The FCC says that the framework is consistent with other privacy approaches used by the Federal Trade Commission and the Administration’s Consumer Privacy Bill of Rights.
Specifically, the new privacy rules fall into the following areas:
- Opt-in—ISPs will be required to obtain affirmative “opt-in” consent from consumers to use and share sensitive information;
- Opt-out—ISPs will be allowed to use and share non-sensitive information unless a customer chooses to “opt-out;” and
- Exceptions to consent requirements—Customer consent is assumed for certain purposes, such as for billing and collection activities.
The new rules also cover transparency requirements as well as a requirement that ISPs engage in “reasonable” data security practices.