Few consumers have any choice of Internet provider, said Sen. Ron Wyden (D-Ore.). Thus, their only choice may be between “giving up their browsing history for an Internet provider to sell to the highest bidder or having no Internet at all,” he said.
Wyden also said that the FCC rules don’t prevent ISPs from monetizing customer data—the rules simply require ISPs to inform consumers about how their data is used and get customer consent before selling the most sensitive data, he said.
Advocacy groups including Free Press, Demand Progress, and the ACLU went to Congress to deliver nearly 90,000 petitions to “save broadband privacy” yesterday.
ISPs and advertising lobby groups had urged senators to kill the privacy rules. Cable lobby group NCTA—The Internet & Television Association said, “we appreciate today’s Senate action to repeal unwarranted FCC rules that deny consumers consistent privacy protection online and violate competitive neutrality.” The group said that the cable industry “remains committed to offering services that protect the privacy and security of the personal information of our customers.”
What the privacy rules require
The FCC’s privacy rules would require ISPs to get opt-in consent from consumers before selling or sharing personal information including geo-location data, financial and health information, children’s information, Social Security numbers, Web browsing history, app usage history, and the content of communications. Opt-out requirements would have applied to less sensitive data such as e-mail addresses and service tier information.
The opt-in and opt-out provisions would have taken effect as early as December 4, 2017. The rules would also force ISPs to clearly notify customers about the types of information they collect, specify how they use and share the information, and identify the types of entities they share the information with.
The FCC’s privacy rules also had a data security component that would have required ISPs to take “reasonable” steps to protect customers’ information from theft and data breaches. This was supposed to take effect on March 2, but the FCC’s Republican majority halted the rule’s implementation. Another set of requirements related to data breach notifications is scheduled to take effect on June 2.
The Senate vote would prevent all of these rules from taking effect, unless the House or President Trump decide otherwise.
Republicans say that the Federal Trade Commission should have authority over ISPs’ privacy practices, instead of the FCC. That would require further action by the FCC or Congress because ISPs and phone companies are common carriers that cannot be regulated by the FTC.