Federal Communications Commission Chairman Tom Wheeler told lawmakers today that he anticipates finalizing broadband privacy rules later this year.
Testifying at a Senate hearing, Wheeler also hinted that the final regulations could differ from a proposal he put forward earlier this year. That initial proposal would require Internet service providers to obtain consumers' consent before drawing on their Web-surfing data for behavioral targeting. Ad networks, online publishers and other online advertising companies, by contrast, typically operate on an opt-out basis.
While Wheeler didn't elaborate on how the rules may evolve, he said in his prepared testimony that the Federal Trade Commission's input "has been particularly helpful."
Staff at the FTC recommended earlier this year that Internet service providers should obtain opt-in consent before using "sensitive" data for ad targeting, and allow consumers to opt out of the use of "non-sensitive" information.
Some broadband carriers have argued that they should be able to treat sensitive and non-sensitive data differently. Verizon, for instance, argued in an FCC filing that it should only be required to obtain opt-in consent for "the most sensitive use cases."
But privacy advocates have argued against different rules for different types of data.
"A rule that varies based on sensitivity will be a much more complex, unpredictable, and less privacy protective one," privacy expert and former FTC adviser Paul Ohm recently told the agency.
What's more, he adds, figuring out whether information is sensitive "requires far more invasion of privacy as well as far more surveillance."
Ohm also points out that no one agrees on the definition of sensitive. (The self-regulatory organization Digital Advertising Alliance considers "pharmaceutical prescriptions or medical records related to a specific individual" sensitive health data. But a different self-regulatory group, the Network Advertising Initiative, the NAI takes a broader view; that group defines sensitive health data as “precise information about past, present, or potential future health or medical conditions or treatments, including genetic, genomic, and family medical history.")
A group of 16 state attorneys general have weighed in against the Federal Communications Commission's proposed privacy rules for broadband carriers.
In a letter to the FCC, Michigan Attorney General Bill Schuette, Texas AG Ken Paxton, Ohio's Mike DeWine and 13 other attorneys general declare -- without offering any empirical support -- that people don't view broadband carriers differently from ad networks or other companies.
"Consumers value their privacy and the security of their personal information, period," the attorneys general state in a letter obtained by Bloomberg BNA. "They do not differentiate between who has access to their information in the online environment."
Despite that assertion, some assertions, consumer advocacy and civil rights groups see some obvious differences between ISPs and other companies.
"It is alarming how much information broadband providers can collect about their subscribers. ISPs know where their customers live as well as their personal financial information," Free Press, the Center for Media Justice and other organizations say in a new FCC filing. "They can also monitor the content that users access on the internet when that content is unencrypted.... Their tracking and cataloguing of our lives is so invasive that it could allow them to determine -- and then profit from -- private information on subscribers' race, religious, health, income, employment status, and political views."