On December 2, 2016, the FCC’s Broadband Privacy Report and Order (“Order”) was published in the Federal Register, triggering the 30-day deadline for petitions for reconsideration, and the effective dates for certain new requirements adopted in the Order, as we discuss below. In addition, petitions for review in a court of appeals may be filed within 60 days. The Republican Commissioners in dissenting statements and in public comments have criticized the Commission for applying “asymmetric regulation”, since the new rules regulate the privacy practices of broadband providers but do not regulate similar practices of edge providers. In many respects, the Order follows the traditional sector approach applied by the FTC and other federal agencies in protecting sensitive personal information that is protected under specific federal statutes, such as financial and health information. The Order, however, expands upon these prior privacy approaches to extend heightened privacy protection to web browsing and mobile application usage history collected by broadband providers, which was previously outside the scope of protection.
Certain of the new privacy rules take effect in the next several months, including:
- The prohibition on conditioning the provision of Broadband Internet Access Service (“BIAS”) upon a customer’s agreement to waive privacy rights, which will take effect on January 1, 2017; and
- New data security requirements, which will take effect on March 2, 2017
Other aspects of the new rules, including the Order’s notice and consumer choice rules and breach notification procedures, will require Office of Management and Budget approval under the Paperwork Reduction Act. This may provide opponents of the new rules an early opportunity to get the ear of the new Administration, and to challenge their effectiveness outside the FCC, though it is widely expected that parties will seek reconsideration before the Commission or pursue a court challenge to the rules.
For a detailed summary of the new rules click here.