Privacy will be a key enforcement issue for FCC under open Internet rules, enforcement chief says

13 March 2015. By Mike Swift.

An important emerging ramification of the Open Internet Rules and Order published by the Federal Communications Commission is that Internet services are about to get a prominent new federal privacy enforcer, applying existing federal law to Internet privacy issues, the chief of the FCC’s Enforcement Bureau said on Friday.

“Suddenly, we’re now bringing a regime, the Communications Act, and particular provisions of it, to apply to Internet service providers. I think that is going to be a big trend you are going to see from the federal side” in privacy enforcement, Travis LeBlanc, chief of the FCC’s Bureau of Enforcement, said at an Internet privacy conference* Friday in Silicon Valley.

“The Open Internet Order is going to make clear that there are going to be some sector-specific rules that are going to apply there,” LeBlanc added. “From the enforcement side of the FCC, it’s something that we are really starting to think about as the new rules go into effect.”

One key element of the 400-page text of the order published Thursday in response to the debate over “net neutrality” is the FCC’s decision to not forbear enforcement of Section 222 of the Telecommunications Act of 1996, which puts specific privacy limits on information collected and held by telecommunications
companies covered by the act.

“This order finds that consumers concerned about the privacy of their personal information will be more reluctant to use the Internet, stifling Internet service competition and growth,” the FCC concluded in a the text of the order that goes into effect 60 days after it appears in the Federal Register.

“Application of Section 222’s protections will help spur consumer demand for those Internet access services, in turn ‘driving demand for broadband connections, and consequently encouraging more broadband investment and deployment,’ consistent with the goals of the 1996 act.”

Section 222 says that “a telecommunications carrier that receives or obtains customer proprietary network information” may only use, disclose or share that information for services “necessary to, or used in, the provision of such telecommunications service.” There are limited exceptions to those limitations,such as for emergency services.

The new Internet order, approved 3-2 by the FCC on Feb. 26, applies equally to mobile wireless data services as well as Internet services that come through cable TV or phone lines. The FCC decision is widely expected to face a court challenge in the near future by large telecom companies such as Verizon or Comcast. So it’s not certain whether that regulatory regime will be permanent.

Customer data 

But one implication the FCC will consider as it develops specific rules for the enforcement of that order, LeBlanc said Friday, is that many Internet service providers also provide bundled services, such as television and voice telephone, and they may share customer data across those services.

That could soon lead, he said, to situations where a person’s web searches could drive the advertising they see on TV, or the content of their voice calls could lead to the digital ads they see on the Internet.

“We have to think about how they are being shared,” LeBlanc said of that bundled data.

The FCC will develop implementing rules for how it will enforce Section 222 in coming months, FCC staff said in a call with reporters Thursday, with one key question being how “customer proprietary network information,” as defined by the 1996 Act, will apply to the Internet.

Section 222 defines CPNI as “information that relates to the quantity, technical configuration, type, destination, location and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier,” or information contained in billing for that service.

One reason the Open Internet Order is 400 pages long, FCC staff said, is that it was written as a detailed explanation of the FCC’s reasoning for whichever court or courts review the order.

“The existing CPNI rules do not address many of the types of sensitive information to which a provider of broadband Internet access service is likely to have access, such as (to cite just one example) customers’ web browsing history,” the FCC said in Thursday’s order.

But if the CPNI rules need to be updated, the FCC concluded it is clear that enforcement of Section 222’s privacy limits are in the interest of consumers. “Broadband providers serve as a necessary conduit for information passing between an Internet user and Internet sites or other Internet users, and are in a position to obtain vast amounts of personal and proprietary information about
their customers,” the FCC said. “Absent appropriate privacy protections, use or disclosure of that information could be at odds with those customers’ interests.”