One of the more contentious issues facing the new Federal Communications Commission chairman is how internet service providers and other companies regulated by the FCC are able to share customer data. The FCC passed rules during the Obama administration that limit how and when this data is shared, and the new FCC chairman and the U.S. Congress are trying to scale back those limitations.
Among the FCC rules that are under reconsideration is the requirement that internet service providers must receive opt-in permission from their customers before “sensitive information” can be passed along to third parties. Mobile broadband providers want to redefine the definition of what’s considered sensitive information and exclude it from whatever laws remain, as Ars Technical reports.
Sensitive information currently includes a host of data, such as geolocation, financial, and health information, along with the actual content of internet communications like email and messaging. The CTIA, an organization representing the interests of mobile broadband companies including AT&T, Verizon, T-Mobile, and Sprint, wants web browsing and app usage history excluded from the definition. In a statement, the CTIA said: “To justify diverging from the [Federal Trade Commission’s] framework and defining Web browsing history as ‘sensitive,’ the commission and the [privacy rule supporters] both cherry-picked evidence in an attempt to show that ISPs have unique and comprehensive access to consumers’ online information. As the full record shows, however, this is simply not true. Indeed, even a prominent privacy advocacy organization asserted that it is ‘obvious that the more substantial threats for consumers are not ISPs,’ but rather other large edge providers.”
In other words, the FTC treats things differently, and so should the FCC, and the CTIA quoted a filing by the Electronic Privacy Information Center in putting forth its position. The quote states that it’s “the largest email, search, and social media companies” that represent the most substantial privacy threats.
Generally speaking, advocacy groups disagree about what constitutes sensitive information. A recent FCC filing by some groups stated, “It is clear that even with encryption, ISPs can glean information about political views, sexual orientation, and other types of sensitive information. As is true with call history and video viewing history, Web browsing history is sensitive and should require affirmative consent before use by ISPs.”
The CTIA’s concerns about what constitutes sensitive data might not matter much in the future, as both FCC Chairman Ajit Pai and the U.S. Congress are working to remove the rules that dictate how companies can share data. If these efforts succeed, then the FCC will lose much of its authority to regulate any sensitive data whether or not it includes web browsing and app usage data.