• by Wendy Davis , Staff Writer, October 14, 2016

The ad industry may be pushing back against the Federal Communications Commission's revised proposal for privacy rules, but some advocates are pressing the agency for even tougher rules.

The proposed rules, unveiled last week by FCC Chairman Tom Wheeler, would require broadband providers like Comcast and AT&T to obtain consumers' opt-in consent before drawing on "sensitive" information -- including their Web browsing and app usage history for ad targeting. The proposed regulations would allow providers to use "non-sensitive" information for ad targeting on an opt-out basis.

Ad trade groups say there's no reason to require broadband providers to seek users' opt-in consent before drawing on Web browsing or app usage history for ads. Ad groups say this type of information isn't always "sensitive" -- at least not according to the industry's relatively narrow definition of that term. (Industry groups say that sensitive data only includes material like precise geolocation information, financial account numbers and health care information.)

By contrast, New America’s Open Technology Institute is pushing the FCC to expand the definition of "sensitive" to cover other information, including data about what time of day people use their broadband connections.

"Information about when and how much a customer uses their connection can be analyzed to determine when the customer is home and when they are not (i.e., location), as well as when they are asleep and when they are awake," the Open Technology Institute writes. "Information about the volume of traffic on the network can be analyzed to deduce what a customer is doing (e.g., streaming a movie). And changes in routine traffic patterns could indicate that a customer is on vacation, has become unemployed, or has experienced a change in family status."

The organization also urges the FCC to explicitly say that subscribers' IP addresses are "sensitive" data. "IP address can disclose accurate geolocation information," the advocates say. "The FCC should ensure that its final rule allows it to enforce against the use and disclosure of source IP addresses, which can accurately locate a person, without opt-in consent."