The Federal Communications Commission voted to adopt new online consumer privacy rules that would require Internet service providers (ISPs) to obtain opt-in consent for the collection of sensitive information and opt-out consent for any other information.
The FCC identifies sensitive information such as geo-location information, health records, information about children, financial information, Social Security numbers, app usage history, the content of communications, and Web browser history.
The ruling seeks to prevent Internet Service Providers from sharing sensitive and personally identifiable data with third parties. The factors that contribute to this decision include increased connectivity of everyday lives, increased number of third parties in users’ digital transactions, and the monetization of data, according to Jessica Rosenworcel, commissioner of the FCC.
“This is real privacy control for consumers,” Rosenworcel said. “It helps in the here and now. But with respect to the future of privacy, I think we still have work to do.”
These rules will lead to increased transparency, choice, and security online, according to Tom Wheeler, chairman of the FCC.
The FCC will scrutinize “pay for privacy” discounts that are offered to consumers who decide to allow companies to collect their data to prohibit inflated prices.
In the event of a data breach the Internet service providers would be required to notify customers within 30 days of the discovery, the commissioner within seven days of the discovery, and the Federal Bureau of Investigation within seven days if the breach affected more than 5,000 customers.
“The bottom line is that it’s your data,” said Wheeler. “How it’s used and shared should be your choice.”