FCC Releases Enforcement Advisory

Tells Broadband Providers to Take "Reasonable, Good Faith" Steps to Protect Consumer Privacy in Absence of Rules

Come June 12, unless stayed by a federal court, broadband Internet service providers will be subject to expanded requirements to protect consumer privacy and new limitations on the use of customer data under the FCC’s recent Open Internet Order. The problem: no one is exactly sure what those additional requirements and limitations are, and new “guidance” from the Commission’s Enforcement Bureau simply advises broadband providers to take “reasonable, good-faith steps to comply with Section 222, rather than focusing on technical details,” and to “employ effective privacy protections in line with their privacy policies and core tenets of basic privacy protections.”

As a reminder, as part of its Open Internet Order, the Commission applied the statutory obligations of Section 222 of the Communications Act that relate to the use and disclosure of customer proprietary network information or “CPNI” (more generally and traditionally thought of as information about a telephone customer’s use of their service – not personally identifiable information, such as Social Security numbers or payment card information). However, the Commission declined to apply its own rules implementing Section 222, finding that they were “not well suited” for broadband service. This outcome leaves broadband service providers in the precarious position of interpreting a statute without any official guidance or rules from the agency of jurisdiction, even where the agency itself is unable to explain how Section 222 applies to broadband but says only that Section 222 will apply.

Continue reading here.