The Federal Communications Commission voted 3-2 on Thursday in favor of new rules to ensure internet service providers do not invade customers’ privacy.
The new rules will ensure that ISPs will not abuse their customers’ app usage, browsing history, mobile location data and other personal information that can be found on the internet. Providers must now obtain consent from customers before using or sharing that behavioral data with third parties.
The new rules also require consent for health data, financial information, Social Security numbers and the content of emails. The FCC left open the ability to impose additional measurements in the future.
While the new rules require internet providers to obtain consent before giving information to third parties, such as marketing companies, it does not restrict the providers from using the information themselves. Therefore, companies such as Verizon and Comcast can still use the data internally.
The FCC said in a release that the new rules “ensure broadband customers have meaningful choice, greater transparency and strong security protections for their personal information collected by ISPs.”
The rules separate the use and sharing of information into three categories: “Opt-in” refers to ISPs obtaining consent; “Opt-out” refers to the ability for ISPs to use and share what is considered “non-sensitive” unless the customer opts out; and “Exceptions.”
“Customer consent is inferred for certain purposes specified in the statute, including the provision of broadband service or billing and collection. For the use of this information, no additional customer consent is required beyond the creation of the customer-ISP relationship,” The FCC wrote to define the exceptions category.
The FCC also notes that the scope of the rules is limited to broadband service providers and other telecommunications carriers.