FCC Passes Broad Privacy Rules, Limits Behavioral Advertising By Broadband Providers
- by Wendy Davis @wendyndavis, October 27, 2016
The Federal Communications Commission on Thursday passed sweeping privacy rules that limit broadband providers' ability to engage in online behavioral advertising.
The rules, passed by a 3-2 vote, prohibit Internet service providers from drawing on information about subscribers' Web activity and app usage for ad targeting.
"It is the consumer's information. It is not the information of the network the consumer hires to deliver that information," FCC Chairman Tom Wheeler said Thursday morning shortly before the vote. "The consumer has the right to make a decision about how her or his information is used."
The new rules apply only to companies that provide consumers with access to broadband, like Comcast, Time Warner and Verizon. Web publishers, search engines, social networks and other so-called "edge providers," aren't bound by the new rules and need not obtain users' explicit permission to draw on data about their Web use for ad purposes.
The regulations mark a "common sense step," Wheeler said. He added that the privacy order has the effect of "extending to the Internet the same kinds of concepts that we have for decades extended to the telephone network."
Privacy advocates supported the rules, but the ad industry and broadband providers lobbied heavily against them.
"The FCC’s decision is bad for consumers and bad for the U.S. economy," the Direct Marketing Association stated after the vote. "FCC‘s action ignores what’s working and working well, and supplants it with a burdensome system that will stifle innovation and make it harder to deliver advertising messages that are relevant and useful to consumers."
Many opponents argued that broadband providers should follow the same privacy standards as other online companies, like Google and Facebook. Those companies generally follow an industry code that allows consumers to opt out of receiving targeted ads based on Web-surfing data. The ad industry's self-regulatory code requires companies to seek opt-in consent from consumers before drawing on "sensitive" data, but defines that concept relatively narrowly. The definition includes financial account information, geolocation data and certain types of healthcare information.
Advocates largely cheered the FCC's vote. "This is a tremendous public interest breakthrough for privacy rights in the U.S., which lags behind nearly every other democracy when it comes to protecting online privacy," Jeff Chester, executive director of the Center for Digital Democracy said in a statement.
Sen. Ed Markey (D-Massachusetts) added: "These rules will ensure that as technology changes, our core values do not -- that consumers, not corporations, have control over their personal information."
This article gives the impression that an ISP such as Time Warner can not go out and do behaviorially targeted advertising, or remarketing, or any type of cookie-based targeting that is widely accepted in the industry. However, the understanding I have from the ruling is that these ISP's may no longer sell their customer data to 3rd party companies (or companies they are acquiring) to market to without the express consent of the customer first. However, they can still use the data themselves to inform their own marketing efforts without this same permission being granted. So someone correct me if I'm wrong - but this statement above "prohibit Internet service providers from drawing on information about subscribers' Web activity and app usage for ad targeting." is either flat out false or just extremely misleading.
The rules are very broad, and go beyond a prohibition on selling data. While the FCC hasn't yet published the full regulations, a fact sheet released today specifies that opt-in consent is required before ISPs can "use" or "share" data about consumers' "sensitive" data -- which the FCC says includes Web browsing and app usage history.
Wendy - if there is an updated fact sheet, I would love to read it. The last one I found was from October 6th - but you referenced a new one just released. Do you know where I could find that?