The Federal Communications Commission's Net Neutrality Order, aka “Open Internet Order,” released in March 2015, applies the core customer privacy protections of Section 222 of the Communications Act to providers of broadband Internet access service (“BIAS”), including telephone company, cable company and wireless providers of Internet access. In the past, Section 222 has applied only to “Customer Proprietary Network Information” (“CPNI”) maintained by wireless and wired telephone carriers. In general, CPNI includes information about when and for how long, customers called people on the telephone and whom they called.
In its Net Neutrality Order, the commission determined that, absent privacy protections, a broadband provider’s use of similar personal and proprietary customer information could be at odds with its customers’ interests. This might include information about which web sites are visited by internet service provider (“ISP”) customers. If consumers have concerns about the protection of their privacy, their demand for broadband may decrease. In the FCC’s view, this would be contrary to the public interest. Accordingly, in the Net Neutrality Order, the FCC asserted jurisdiction over ISP-customer interactions for the first time in history.
At the same time, the FCC declined to apply its existing telephone and voice centric rules set out in Part 64 of its Rules implementing Section 222 and indicated that, in the future, it may adopt implementing rules that are tailored to broadband providers. As a result, only the statutory provisions of Section 222 themselves will apply to broadband providers when the Net Neutrality Order goes into effect on June 12, 2015, assuming no court stays are in effect. Such proposed stays are now being reviewed by the U.S. Court of Appeals for the D.C. Circuit.
On May 20, 2015, FCC Enforcement Bureau issued an advisory telling broadband providers how it intends to enforce Section 222 in the absence of implementing rules. Here is what it says, in pertinent part:
During this period, the Enforcement Bureau intends to focus on whether broadband providers are taking reasonable, good-faith steps to comply with Section 222, rather than focusing on technical details. By examining whether a broadband provider’s acts or practices are reasonable and whether such a provider is acting in good faith to comply with Section 222, the Enforcement Bureau intends that broadband providers should employ effective privacy protections in line with their privacy policies and core tenets of basic privacy protections.
Not hugely informative, but probably intended as a general warning to broadband providers to protect customer privacy and to act in accordance with their own otherwise applicable privacy policies. We think this would tend to preclude new attempts at capturing “CPNI like” data for commercial or other purposes, but we can discuss specific proposals.
The advisory also refers to the option broadband providers now have to consult with the FCC Enforcement Bureau on whether a proposed course of conduct complies with the Net Neutrality Order. The advisory says that such a request for guidance will “tend to show” that the provider is “acting in good faith,” presumably in a future enforcement proceeding. The advisory hastens to add that failure to consult will “not be relevant to a consideration of reasonableness or good faith.” Perhaps not totally reassuring, but the advisory is intended to promote caution, and we should evaluate courses of conduct affecting customary privacy in that light.