1250 Broadway, 27th Floor New York, NY 10001

TRANSPARENCY, CHOICE, SECURITY

A.G. Schneiderman Urges FCC To Protect Consumer Privacy As Commission Weighs Greater Restrictions On Use Of Personal Information By Broadband Internet Access Service Providers

Schneiderman’s Comments On The FCC’s Proposed Privacy Rulemaking Emphasize Increased Transparency, Choice, And Security To Better Protect Consumer Privacy

NEW YORK – Attorney General Eric T. Schneiderman today announced that his office filed a letter with the Federal Communications Commission (“FCC”) regarding the FCC’s proposed rulemaking to establish privacy rules for Broadband Internet Access Service (“BIAS”) providers. In his comment to the FCC, Schneiderman expresses support for the FCC’s proposed rulemaking and provides several recommendations designed to maximize consumer choice, transparency, and security.

“As the gateway to the internet, BIAS providers are able to collect an unprecedented breadth of personal information about their customers,” said Attorney General Schneiderman. “This letter comment urges the FCC to ensure the privacy of BIAS customers and impose reasonable notice and reporting requirements on BIAS providers. Meaningful choice and online privacy should be the mainstays of consumer experience on the Internet.”

In his comment, Schneiderman applauds the FCC for its focus on the three pillars of consumer privacy: transparency, choice, and security. In particular:

Transparency: Schneiderman expresses support for the FCC’s proposed rules requiring BIAS providers maintain persistently and easily accessible privacy polies, written in clear and conspicuous language. Schneiderman recommends that the FCC further require BIAS providers to:

  • Make privacy policies as concise and specific as possible; and
  • Translate privacy policies into the language that the BIAS provider previously used to communicate with its customers, including during advertising and sales.

Choice: Schneiderman expresses support for the FCC’s proposed rules granting BIAS providers implied consent to use customer data as necessary to provide the contracted-for service, requiring BIAS providers to give customers opt-out consent regarding the use of their data for purposes of marketing communications-related services, and requiring BIAS providers to secure permission from customers before engaging in any other third-party commercial uses of their data. Schneiderman recommends that the FCC further require BIAS providers to:

  • Contractually obligate all data recipients to limit their use of data received via implied permission to those purposes enumerated in the FCC’s proposed rule;
  • Present customers with the privacy notice and choice option(s) upon initial login to the BIAS provider’s website and in such a manner that customers are likely to read them;
  • Give customers the option to easily revisit the privacy notice and adjust their choice options upon all subsequent logins to the BIAS provider’s website; and
  • Display an alert on the login landing page of the BIAS provider’s website in the event of any changes to the BIAS providers’ privacy policies and/or choice options.

Security: Schneiderman expresses support for the FCC’s proposed rules requiring BIAS providers to protect customer information that is stored or otherwise crosses their networks against unauthorized use or disclosure and recommends that the FCC:

  • Require BIAS providers to give notice following a data breach “in the most expedient time possible and without unreasonable delay” on top of a fixed deadline;
  • Require BIAS providers to contractually obligate any affiliates or third parties to notify the BIAS provider in the event of a data beach; and
  • Post on the FCC website the data breach notices it receives pursuant to this rule.

Schneiderman further expresses his support for the FCC’s broad definition of personally identifiable information, recognizing that emerging technologies make it far too easy to link facially non-identifying information to consumers and their devices.

Currently, BIAS providers are not subject to statutory protections regarding the privacy of their customers’ data. The rules proposed by the FCC, and supported by Attorney General Schneiderman, would protect consumer privacy by applying the privacy requirements of the Federal Communications Act to BIAS providers.

This matter was handled by Deputy Bureau Chief Clark Russell and Bureau Chief Kathleen McGee of the Bureau of Internet and Technology, Senior Enforcement Counsel and Special Advisor to the Attorney General Tim Wu, and Executive Deputy Attorney General for Economic Justice Manisha Sheth.

Categories: