Protecting Consumer Privacy Online

Internet Companies Reaffirm Consumer Privacy Principles As FCC Reviews Flawed Wheeler Era Broadband Rules

Today, associations representing virtually all of the leading US internet service providers filed a petition asking the FCC to stay unnecessarily restrictive and destructive broadband privacy rules recently adopted by the FCC, while at the same time releasing detailed and comprehensive principles reiterating ISPs’ commitment to protecting their customers’ privacy online.

These principles include specific policies on transparency, choice, security, and notifications in the case of a data breach. They reaffirm and restate the ISPs’ longstanding, pro-consumer privacy practices based on the highly respected FTC framework that has protected internet users for years and provided the flexibility necessary to innovate new product solutions to enhance consumers’ online experiences.

These effective principles reflect consumer expectation in stark contrast to the flawed Wheeler privacy rules, which would create an inconsistent and confusing patchwork that will confuse consumers and weaken data protection online. Data submitted to the FCC shows that 94% of internet users believe all companies collecting or using information online should be governed by the same set of rules.

The stay filed by CTIA, NCTA – The Internet & Television Association, USTelecom, ACA, CCA, ITTA, NTCA – The Rural Broadband Association, WISPA, and WTA asks the FCC to halt these harmful rules while it resolves multiple pending motions for their reconsideration. If granted, the combination of the ISPs’ privacy principles and applicable laws would protect consumers’ privacy without subjecting them to flawed and confusing regulations that would undermine the safe and consistent treatment of their data online.

For over twenty years, ISPs have protected their consumers’ data with the strongest pro-consumer policies in the internet ecosystem. ISPs know the success of any digital business depends on earning their customers’ trust on privacy. The following companies and associations affirm these principles: Altice USA, American Cable Association, AT&T, Charter Communications, Citizens Telephone and Cablevision, Comcast, Cox Communications, CTIA, Dickey Rural Networks, Inland Telephone Company d/b/a Inland Networks, ITTA – The Voice of Mid-Sized Communications Companies, NCTA – the Internet & Television Association, Northeast Louisiana Telephone Co., Inc. (NortheastTel), NTCA – The Rural Broadband Association, SCTelcom, T-Mobile, USTelecom, Verizon, VTX1 Companies, Wheat State Telephone, Inc., Wireless Internet Service Providers Association, WTA – Advocates for Rural Broadband..

The following statements can be attributed to each Association accordingly:

Tom Power, Senior Vice President and General Counsel, CTIA: “Wireless carriers are committed to respecting consumer privacy, and today they have enshrined that commitment by embracing a set of core privacy principles. We support a regulatory regime that reflects these principles and provides a uniform privacy and data security framework for all. Unfortunately, the FCC has adopted an uneven regulatory regime that picks winners and losers and that will confuse consumers who quite reasonably expect all companies to be governed by the same set of rules. Investment in next-generation 5G services require more regulatory clarity on broadband privacy, not less - a grant of this petition would be an important initial step in the right direction and allow time for careful review by both Congress and the FCC.”

Genevieve Morelli, President, ITTA: “ITTA’s member companies remain fully committed to safeguarding consumer privacy. Today’s petition asks the FCC to halt implementation of rules that, while well-intentioned, exceed the FCC’s statutory authority and will only serve to confuse consumers, in turn undermining their ability to exercise choice. We are confident that when the FCC reexamines these rules, it will address their unequal treatment of ISPs and will apply the same standards to all entities in the Internet ecosystem, thereby benefitting all consumers.”

Rick Chessen, Senior Vice President of Law & Regulatory Policy, NCTA: “Cable ISPs know well the trust that consumers place in them to protect their personal information. For years, they have met or exceeded the standards for privacy that were established by the Federal Trade Commission and were applicable throughout the Internet ecosystem. While these pro-privacy practices will continue, we look forward to swift action by the new FCC to reverse its recent decision that imposes new regulatory costs uniquely on ISPs and denies consumers the benefit of a consistent and effective approach to privacy protection.”

Jon Banks, Senior Vice President of Law & Policy, USTelecom: “USTelecom’s broadband provider members understand that consumer privacy is a core value. Our filing today simply asks the FCC to return to the FTC’s time-tested privacy framework that provides transparency, consumer choice and data security assurances. For many years, that framework has successfully protected consumer privacy and nurtured the growth of innovative services. We hope the FCC acts quickly so that consumers have a single framework for privacy and innovation across the Internet.”

ISP Privacy Principles

ISPs understand the trust our customers place in us, and we are committed to protecting our customers’ privacy and safeguarding their information. For 20 years, we have implemented policies and practices that are consistent with the FTC’s widely respected and effective privacy framework and other federal and state privacy laws. This framework helped drive the success of today’s Internet ecosystem by balancing consumer protection with the flexibility necessary to innovate. We understand the importance of maintaining our customers’ trust. That is why we will continue to provide consumer privacy protections, while at the same time meeting consumers’ expectations for innovative new product solutions to enhance their online experiences. Regardless of the legal status of the FCC’s broadband privacy rules, we remain committed to protecting our customers’ privacy and safeguarding their information because we value their trust. As policymakers evaluate the issues, we will maintain consumer protections that include the following:

  • Transparency. ISPs will continue to provide their broadband customers with a clear, comprehensible, accurate, and continuously available privacy notice that describes the customer information we collect, how we will use that information, and when we will share that information with third parties.
  • Consumer Choice. ISPs will continue to give broadband customers easy-to-understand privacy choices based on the sensitivity of their personal data and how it will be used or disclosed, consistent with the FTC’s privacy framework. In particular, ISPs will continue to: (i) follow the FTC’s guidance regarding opt-in consent for the use and sharing of sensitive information as defined by the FTC; (ii) offer an opt-out choice to use non-sensitive customer information for personalized third-party marketing; and (iii) rely on implied consent to use customer information in activities like service fulfillment and support, fraud prevention, market research, product development, network management and security, compliance with law, and first-party marketing. This is the same flexible choice approach used across the Internet ecosystem and is very familiar to consumers.
  • Data Security. ISPs will continue to take reasonable measures to protect customer information we collect from unauthorized use, disclosure, or access. Consistent with the FTC’s framework, precedent, and guidance, these measures will take into account the nature and scope of the ISP’s activities, the sensitivity of the data, the size of the ISP, and technical feasibility.
  • Data Breach Notifications. ISPs will continue to notify consumers of data breaches as appropriate, including complying with all applicable state data breach laws, which contain robust requirements to notify affected customers, regulators, law enforcement, and others, without unreasonable delay, when an unauthorized person acquires the customers’ sensitive personal information as defined in these laws.

These principles are consistent with the FTC’s privacy framework, which has proved to be a successful privacy regime for many years and which continues to apply to non-ISPs, including social media networks, operating systems, search engines, browsers, and other edge providers that collect and use the same online data as ISPs. That framework has protected consumers’ privacy while fostering unprecedented investment and innovation. The principles are also consistent with the FCC’s May 2015 Enforcement Advisory, which applied to ISPs for almost two years while the FCC’s broadband privacy rules were being considered. .

The above principles, as well as ISPs’ continued compliance with various federal and state privacy laws, will protect consumers’ privacy, while also encouraging continued investment, innovation, and competition in the Internet ecosystem.

Alice USA

American Cable Association

AT&T

Charter Communications

Citizens Telephone and Cablevision

Comcast

Cox Communications

CTIA

Dickey Rural Networks

Inland Telephone Company d/b/a Inland Networks

ITTA – The Voice of Mid-Sized Communications Companies

NCTA – The Internet & Television Association

Northeast Louisiana Telephone Co., Inc. (NortheastTel)

NTCA – The Rural Broadband Association

SCTelcom

T-Mobile

USTelecom

Verizon

VTX1 Companies

Wheat State Telephone, Inc.

Wireless Internet Service Providers Association

WTA – Advocates for Rural Broadband