In comments to the Federal Communications Commission (FCC), the FTC has outlined the several key privacy and data security obligations of providers of broadband services in an FCC proceeding examining barriers to consumer adoption of these services. Where an entity makes promises or commitments, whether expressly or implicitly, regarding its privacy and data security practices, but then fails to live up to these commitments, the entity may be liable for a violation of the FTC Act’s prohibition against “deceptive or unfair business practices.” In addition, broadband providers may be subject to the Children’s Online Privacy Protection Act’s (COPPA) protections for online services and child-directed websites. Finally, broadband service providers may need to comply with the privacy and data security requirements found in the Fair Credit Report Act (FCRA) to the extent they may provide covered information regarding their subscribers to credit bureaus or use credit reports.

Federal Trade Commission comments