The big news out of Washington Thursday was a move by Federal Communications Commission Chairman Tom Wheeler to require broadband providers to get their customers’ permission before making use of the data they collect.
It’s just a proposal at this point, but the rules would apply to both mobile and home broadband and require services to get explicit permission to use most types of information, such as customers’ location or the websites they are using. Today, companies are largely free to gather that information and even to share it with third parties.
“Every broadband consumer should have the right to choose how their information bits should be used and shared,” Wheeler said in an op-ed piece. “And every consumer should be confident that their information is being securely protected.”
So just how would all this work?
Wheeler has shared with his fellow commissioners a notice of proposed rule-making that, if approved by a majority of the commission, would kick off a public comment period when providers, privacy groups and consumers could all offer up their thoughts, alternative proposals, etc.
The proposed rules break information into three basic categories.
The first category relates to information that broadband providers need to provide their service. Under the rules, a customer would be deemed to have provided consent for that as part of signing up for service. For example, the company needs to be able to bill you, take you to the Web addresses you type in, etc.
A second category relates to a provider’s ability to try to sell you other services. For example, Verizon would be able to market its home Internet service customers. In this category, consumers have to opt out if they don’t want this type of communication. (Just this week, Verizon settled a case with the FCC over its use of permanent “supercookies” to track the browsing habits of its mobile customers.)
The third category relates to all other types of information — and to any information shared with third parties. For a service provider to use or share this type of information, it would have to get the explicit opt-in consent of its customers.
Wheeler’s proposal also contains rules about how companies should protect the information and about notification of users when the company suffers a security breach.
Naturally, privacy advocates hailed the proposal, while some Internet providers will certainly make the case that they are being unfairly singled out while other Internet giants collect all manner of data.
To be clear, these rules apply only to a company (or part of a company) that is providing Internet access. Facebook and Twitter and Microsoft, for example, would not be bound by these rules. Only the part of Google that delivers service (Google Fiber and Google Fi) would be.
Left unanswered is the question of whether providers will be able to charge more for customers who don’t share certain information. AT&T, for example, already charges more of fiber customers who won’t share their data.
Also not clear is whether all information would be treated the same, or if heightened protection would be offered to certain kinds of data, such as financial information.
Senior FCC officials said those are issues on which they will seek comment if the full commission moves forward with Wheeler’s proposal.
The biggest unknown, though, is whether the FCC will have the authority to make these rules at all. The agency is proposing these rules under the same 2015 Open Internet order that established net neutrality, and opponents are already challenging its move to consider broadband access as a communication service.
While optimistic about that court battle, FCC officials are hoping to find additional legal authority to support these rules in case the 2015 authority is struck down.
The agency is positioning its effort as one that doesn’t seek to prohibit any practices, but rather ensures that customers actively choose to share their information. It’s also making the case that it is okay to have special rules for Internet service providers because of the amount of personal information to which they have access. There are already industry-specific rules for other types of data, such as health records and financial accounts.
In addition to privacy advocacy groups, Wheeler also got speedy support from some Democratic lawmakers who have been pushing for such legislation.
“Internet service providers have a duty to protect the privacy of consumers who use the company’s wired and wireless infrastructure to connect to the world,” Sen. Edward J. Markey, D-Mass., said in a statement. “I urge the commission to take up the proposal at its March meeting and move quickly to put these rules on the books.”
This article originally appeared on Recode.net.