Open internet rules proposed this week by Federal Communications Commission Chair Jessica Rosenworcel wouldn't just prohibit broadband providers from blocking or throttling traffic. Her proposal would also pave the way for the agency to issue regulations curbing internet service providers' ability to collect and harness data for advertising.
“We believe that ISPs are situated to collect vast swaths of information about their customers, including personal information, financial information, and information regarding subscriber online activity,” the FCC's 129-page notice of proposed rulemaking states.
“We further believe that consumers currently may not fully comprehend -- and therefore may not be able to meaningfully consent to -- ISPs’ collection, processing, and disclosure of customer information, including potentially through the use of artificial intelligence models,” the notice continues. “We are also concerned that, absent statutory and regulatory requirements to do so, ISPs may not adopt adequate administrative, technical, physical, and procedural safeguards to protect their customers’ data.”
The FCC is expected to vote next month to accept public comments on the proposal, including provisions empowering the agency to regulate broadband privacy.
The commission previously tackled broadband privacy in 2016, when it passed a set of rules that would have required internet access providers to obtain subscribers' opt-in consent before drawing on their browsing history or app usage for ad targeting.
"It is the consumer's information. It is not the information of the network the consumer hires to deliver that information," former chair Tom Wheeler said at the time.
The following year, however, federal lawmakers revoked those rules under the Congressional Review Act -- a 1996 law that allows federal lawmakers to vacate recent agency decisions.
Rules repealed under the Congressional Review Act can't be replaced with ones that are “substantially similar,” but the extent of that limitation is unclear, according to advocacy group Public Knowledge.
“What is considered 'substantially similar' has never been tested in court,” Public Knowledge said in 2017. “It’s not even clear who is the ultimate authority on determining what is substantially similar.”
Since 2017, at least 13 states including California, Washington and Maine have moved forward with their own privacy laws. Maine's law, passed in 2019, requires internet service providers to obtain users' explicit consent before using web browsing data for ad targeting.
That statute specifically prohibits broadband carriers from “using, disclosing, selling or permitting access to customer personal information” without explicit consent. It also prohibits carriers from either refusing service to people who don't consent to tracking or charging different rates to people based on whether they consent to tracking.
NCTA--The Internet & Television Association, and other industry groups sued in 2020 to block the Maine law, essentially arguing there was no good reason to single out broadband carriers for regulation. The organizations abandoned their lawsuit last year, with NCTA stating at the time that it planned to focus on “promoting more reasonable and effective bipartisan privacy legislation that applies universally to all stakeholders.”