Do you know what your internet service provider (ISP) is doing with all the information it collects on the online videos you watch and the websites you visit? Probably not. But that could change on Thursday when the Federal Communications Commission (FCC) is expected to vote on new broadband privacy rules intended to give consumers more control over how their data is used.
Advocates caution that the FCC could still make changes to the plan, or delay the vote. But if the current proposal is approved, ISPs—the cable and wireless companies that provide consumers with internet service—will need to get your permission before they can use or share several kinds of personal data.
Currently, ISPs has broad control of that information, and can share it with marketing firms without a consumer knowing.
In a visit to Consumer Reports' offices last week, FCC Chairman Tom Wheeler discussed the proposal. "The key concept in privacy is that it's your information, and you turn that information over to a network," he said. "That network ought to respect the fact that it's not their information, it's your information. And this is not to say that the network can't use that information but if they do, they have to have your permission."
AT&T declined to comment in advance of the FCC's vote on Thursday, and Comcast didn't reply to a request for an interview. But when the revised proposal was circulated earlier this month, USTelecom, a trade group that represents ISPs including AT&T, Frontier, and Verizon, criticized the plan.
In particular, the group argued that ISPs should be governed by the Federal Trade Commission (FTC)—as they were until 2015. The FTC regulates internet companies such as Google, Facebook, and Amazon.
"Consumers would be better served if the FCC were to defer to the expertise of the FTC in this area, and the two agencies were to pursue a uniform approach,” USTelecom President Walter McCormick said in a statement.
Wheeler argued that the FTC doesn't have regulatory authority over ISPs, now that they are classified as "common carriers," and in any case, internet providers should be regulated differently than websites. "The network sees everything I do. A website sees what I do on that website," he said. "If I don't like the privacy practices of a website, I can say I don't want to go to that website. But I don't really have too much choice in my broadband provider."
Here how things may change if the proposed rules are implemented.
1. You'll Know What They Do With Your Information
Right now, consumers don't know what information is being collected by their ISPs, and what's being done with it. The FCC proposal is meant to add transparency.
Under the plan, your ISP would have to let you know exactly what kind of information it's collecting about you. Additionally, it would have to explain how it uses that data, and which other companies get access to it.
The proposal requires ISPs to provide this information when you sign up for service, and when it makes any significant change to its policies and practices.
2. You'll Have to Agree Before They Share Your Data
If the rules are approved, ISPs will have to get your "opt-in" consent before using and sharing sensitive information.
Such data is often considered to include children’s information, health information, financial information, and Social Security numbers. But the FCC plan extends the definition to include location information derived mobile devices, web browsing history, app usage history, and the content of communications such as emails.
An earlier version of the plan would have required a consumer's opt-in before an ISP could use nearly any customer data, not just "sensitive" information.
Additionally, the plan gives you the right to opt out of your ISP's use of non-sensitive types of information.
If you choose to opt out of sharing your data, ISPs can't cut off or refuse you service.
However, the rules don't eliminate "pay-for-privacy" deals, in which an ISP gives consumers a discount on service when they agree to have their personal information used for marketing purposes. Companies will have to provide clear information about such deals, and obtain explicit consent.
Consumers Union, the policy and mobilization arm of Consumer Reports, has argued against pay-for-privacy plans.
3. They'll Have to Protect Your Data
The FCC is also seeking to improve the way consumer data is secured against hackers.
The privacy proposal requires ISPs to take reasonable measures to protect consumer information from breaches and vulnerabilities, using "best practices" in the information security industry.
Under the plan, if an ISP discovers a data breach, it has to let consumers know within 30 days.
The ISP is further required to inform the FCC within seven business days, and to alert the FBI and U.S. Secret Service if the breach affects more than 5,000 customers.
Just one final note: There's a chance that a vote on the broadband privavcy rules could be postponed, just as we saw happen last month with the cable-box proposal to let consumers use free apps to get TV programming rather than rent set-top boxes from their cable companies. We'll be following the proceedings tomorrow, so check back for the latest updates.
Copyright © 2005-2016 Consumers Union of U.S., Inc. No reproduction, in whole or in part, without written permission. Consumer Reports has no relationship with any advertisers on this site.