New FCC rules mean ISPs will soon require customer consent to sell sensitive user data

[midian182]

There’s been a rare win for consumer privacy. The US Federal Communications Commission is to impose new rules on internet service providers, requiring them to obtain explicit consent from customers before selling or sharing sensitive personal data to third parties.

‘Sensitive information’ includes web browsing histories, financial and health information, location data, communications content, children's information, social security numbers, and app usage history. Customers will need to opt-in for an ISP to share this data.

Non-sensitive information covers emails addresses, service tiers, IP addresses, and other similar pieces of data. ISPs must create a method for customers to opt-out of having this information shared or sold.

There are still questions over whether ISPs will just bury the consent forms inside the mass of user agreements that most people agree to without reading. The new rules cover all internet service providers, such as Comcast, as well as mobile carriers. Web companies that use customers’ data – Facebook, Google, etc. – aren’t covered by the FCC’s regulatory jurisdiction.

“Today's vote is a historic win for privacy and free expression and for the vitality of the internet,” said ACLU Senior Policy Analyst, Jay Stanley, in a statement.

Not everyone is happy about the change. The Association of National Advertisers said it was “unprecedented, misguided and extremely harmful,” while a representative from the National Cable & Telecommunications Association called it “regulatory opportunism.”

There does, however, seem to be a loophole in the plan. ISPs are allowed to gather sensitive customer information without consent as long as they de-identify (as in anonymize) it before using it, according to TechCrunch.

It’ll be at least one year before the rules go into effect. Once they’re implemented, make sure to read your ISP’s contracts before clicking agree – assuming you want more privacy and less spam.

Permalink to story.

https://www.techspot.com/news/66844-new-fcc-rules-mean-isps-soon-require-customer.html

 

[IAMTHESTIG]

This should have been the case from the beginning... honestly. If I found out my ISP sold sensitive private data regarding myself I would sue the sh*t out of them. I believe it is morally wrong to sell that sensitive\private information about a user who doesn't consent.

 

[Evernessince]

This should have been the case from the beginning... honestly. If I found out my ISP sold sensitive private data regarding myself I would sue the sh*t out of them. I believe it is morally wrong to sell that sensitive\private information about a user who doesn't consent.

Especially considering they are just the one's doing the last leg of the delivery of the information. It's like the mail carrier opening up every one of your packages and recording what you are doing. The only difference being that you don't send private information like your credit card and social security number through the mail but you do through the internet.


Unfortunately it doesn't appear that the FCC is actually doing anything with this

from the linked article
"Now, there is a bit of a loophole. A section of the FCC order fact sheet saying that de-identified, or anonymized, data is usable “outside the consent regime.” The phrasing was unclear so I checked with the FCC on this. It turns out that ISPs can collect sensitive information without your consent — provided they properly de-identify it before using it. That sounds a bit like the honor system to me."

In other words, ISPs can continue to collect personal information if they state they discard personal identifiers. Of course, there's really nothing to check that they actually do that so information gathering should continue full speed.

From everything I've seen so far, the FCC seems to like leaving loopholes. They reclassifyed ISPs as common carriers but did not forced open use of the telephones poles nor did they prohibit data caps or a fast lane. Everything they set out to cure is still allowed.

 

[MilwaukeeMike]

This should have been the case from the beginning... honestly. If I found out my ISP sold sensitive private data regarding myself I would sue the sh*t out of them. I believe it is morally wrong to sell that sensitive\private information about a user who doesn't consent.

From everything I've seen so far, the FCC seems to like leaving loopholes. They reclassifyed ISPs as common carriers but did not forced open use of the telephones poles nor did they prohibit data caps or a fast lane. Everything they set out to cure is still allowed.

Not to sound cynical, but this is normal. The govt doesn't actually care about you - they only want you to think they care about you. If Comcast really wants to use your personal information - they'll just make you give them permission before you get service. As the article says - they'll hide in their agreement forms.

However....

“Today's vote is a historic win for privacy and free expression and for the vitality of the internet,” said ACLU Senior Policy Analyst, Jay Stanley

This guy needs to get some perspective. A historic win? I'd guess it's a 'win' that will have no effect what-so-ever on anything. Companies having personal data is completely normal. What most big companies do to ensure privacy is use data-masking software that mixes up SSN, names, address etc. You get real data (meaning you'd still get names for names - not junk like *(&)^HG34 - , they would just be fake names). They do this so their own employees can't get at people's credit card numbers etc. I wouldn't be surprised if some companies didn't have to change a thing to comply with this.

I think calling it 'regulatory opportunism' sounds about right.

 

[PinothyJ]

What the hell is wrong with your country that only in 2016, and a governmental court case, does this finally become a thing.

Jesus Christ...