How to Stay Out of the FCC's Way

International Association of Privacy Professionals
6 minute read | May.26.2015

The New Cop on the Beat for Internet Privacy

March 28, the Federal Communications Commission (FCC) hosted a public workshop on “Broadband Consumer Privacy,” aimed at exploring the FCC's "role in protecting the privacy of consumers that use broadband Internet access service.” It’s a topic worth exploring now more than ever because, as The Privacy Advisor reported, the commission has recently announced new rules as part of its Open Internet Order that appear to firmly establish it as the new federal cop on the beat for Internet privacy. These rules give the FCC, traditionally a telecom privacy cop, the ability to take action against broadband Internet service providers for consumer privacy infractions.

A Little Background

The FCC has had longstanding authority to police privacy infractions for the entities it has traditionally regulated—phone, cable and satellite companies. In particular, Section 222 of the Communications Act and its related rules have, for many years, provided consumers strong privacy—and, less well-known, data security—protections in their use of phones through duties it creates for carriers. These include a “duty to protect the confidentiality of proprietary information of, and relating to ... customers,” which includes things like contact information, usage and location data; specific obligations related to “individually identifiable” confidential propriety network information (CPNI), and a duty to protect CPNI that a carrier causes to be stored on devices like mobile phones. A recent powerful example of the FCC’s use of its Section 222 authority is its $25 million settlement with AT&T over alleged failures to protect consumers’ personal information, the largest fine for data privacy violations in U.S. history.