The FCC has adopted rules requiring internet service providers (ISPs) to get customers’ permission before selling data they collect to marketers.
"It’s the consumers’ information. How it is used should be the consumers’ choice," said FCC chairman Tom Wheeler. The vote was 3-2 along party lines.
ISPs typically collect and package information to data brokers and marketers without consumers’ knowledge or permission. This ruling means that this standard practice has now been outlawed. Comissioner Jessica Rosenworcel, who voted in favour of the new rules said: "our digital footprints are no longer in sand, they are in wet cement."
Under the new FCC rules, ISPs will have to inform consumers about what information is collected and how it is used and shared. In addition, users will have to inform their ISP about the types of entities with which their information is shared. ISPs will be required to obtain consumers ‘opt-in consent’.
The rule defines ‘opt-in consent’ with the following definition: "ISPs are required to obtain affirmative “opt-in” consent from consumers to use and share sensitive information. The rules specify categories of information that are considered sensitive, which include precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications."
While this is a positive move for users, critics have pointed out that the data collected by ISPs represent a fraction of the information gathered online and that sites such as Google, Facebook and Twitter are not covered by this ruling.
Commissioner Ajit Pai, who voted no, said that the "cold reality" is that the new rules will not stop those companies from "harvesting and monetizing your data".
Industry reaction was negative as the Direct Marketing Association issued a statement that said the FCC’s move "is bad for consumers and bad for the U.S. economy".
By contrast, privacy groups, such as the Center for Democracy and Technology, said that this is "a significant step forward in protecting internet users, who have no choice but to expose massive amounts of information to broadband providers".
While this rule only covers ISPs in the US, with mounting pressure on web providers in the UK, this debate could come across to these shores before long.