Among other extensive obligations, the new rules require broadband Internet service providers to notify customers about the information it collects and shares, and the entities with whom it shares the information. A consumer must now “opt in” before the ISP may gather and share certain kinds of sensitive information, such as web browsing, app usage, and financial and health information. A consumer must also have the option to “opt out” of allowing non-sensitive information to be obtained and shared. There are also specific notification requirements in the event of an unauthorized disclosure of a customer’s personal information.

In a statement, FCC Commissioner Tom Wheeler stated that the rules were crafted “to provide consumers increased choice, transparency and security online.” For broadband service providers and other telecommunications carriers, the new rules almost certainly mean big changes in the way they do business.

Wheeler promises the changes will not end there. In his statement, he noted that the “time has also come to address the harmful impacts of mandatory arbitration requirements” and said the FCC has already commenced an internal process designed to produce a notice of proposed rulemaking by February 2017.

According to the 2016 Carlton Fields Class Action Survey, nearly 67% of companies currently use arbitration clauses to offset the risks and costs of high-stakes class actions and almost 69% of companies are handling one or more class action lawsuits on an ongoing basis. With the FCC’s proposed rulemaking, this could mean an overall increase in high-exposure class actions, particularly for broadband Internet service providers and other telecommunications carriers. In fact, corporate counsel predicted that the next wave of class action suits will most likely involve data privacy and security issues.