NCTA: The Internet & Television Association and the American Cable Association have joined with other major telecom players to ask the FCC to stay the broadband privacy rules adopted on a party line vote in the waning days of the Tom Wheeler-led FCC. At the same time they re-committed to a set of privacy principles they will follow no matter what happens at the FCC or in Congress.
Those principles essentially restate and reaffirm longstanding practices (see below), including on choice, security, and breach notifications, the groups say. Principles they add are "in stark contrast to the flawed Wheeler privacy rules, which would create an inconsistent and confusing patchwork that will confuse consumers and weaken data protection online."
Joining in the stay request were CTIA, USTelecom, ACA, CCA ITTA, WISPA, and WTA.
Committing to the privacy principles are Altice USA, American Cable Association, AT&T, Charter Communications, Citizens Telephone and Cablevision, Comcast, Cox Communications, CTIA, Dickey Rural Networks, Inland Telephone Company d/b/a Inland Networks, ITTA – The Voice of Mid-Sized Communications Companies, NCTA – the Internet & Television Association, Northeast Louisiana Telephone Co., Inc. (NortheastTel), NTCA – The Rural Broadband Association, SCTelcom, T-Mobile, USTelecom, Verizon, VTX1 Companies, Wheat State Telephone, Inc., Wireless Internet Service Providers Association, WTA – Advocates for Rural Broadband.
Various motions to reconsider the FCC's broadband privacy framework have been filed, including by NCTA and ACA, and the groups asked the FCC to stay the privacy rules while it resolves those motions.
“Cable ISPs know well the trust that consumers place in them to protect their personal information," said NCTA senior VP Rick Chessen. "For years, they have met or exceeded the standards for privacy that were established by the Federal Trade Commission and were applicable throughout the Internet ecosystem. While these pro-privacy practices will continue, we look forward to swift action by the new FCC to reverse its recent decision that imposes new regulatory costs uniquely on ISPs and denies consumers the benefit of a consistent and effective approach to privacy protection.”
NCTA and some of the same groups have separately asked Congress to step in to invalidate the FCC rules using the Congressional Review Act.
But also appealing to the FCC for a stay makes sense given that the FCC is now chaired by one of the dissenters on that October broadband privacy order, Ajit Pai, who called them "one-sided rules that will cement edge providers’ dominance in the online advertising market and lead to consumer confusion about which online companies can and cannot use their data. I dissent." It could also take Congress a while to effect the change via the CRA, so a stay would keep the rules at bay in the interim.
NCTA and the other groups outlined their voluntary privacy principles, rooted in existing Federal Trade Commission principles it applies to edge providers, saying they were committed to them regardless of the legal status of the FCC's rules.
• "Transparency. ISPs will continue to provide their broadband customers with a clear, comprehensible, accurate, and continuously available privacy notice that describes the customer information we collect, how we will use that information, and when we will share that information with third parties.
• "Consumer Choice. ISPs will continue to give broadband customers easy-to-understand privacy choices based on the sensitivity of their personal data and how it will be used or disclosed, consistent with the FTC’s privacy framework. In particular, ISPs will continue to: (i) follow the FTC’s guidance regarding opt-in consent for the use and sharing of sensitive information as defined by the FTC; (ii) offer an opt-out choice to use non-sensitive customer information for personalized third-party marketing; and (iii) rely on implied consent to use customer information in activities like service fulfillment and support, fraud prevention, market research, product development, network management and security, compliance with law, and first-party marketing. This is the same flexible choice approach used across the Internet ecosystem and is very familiar to consumers.
• "Data Security. ISPs will continue to take reasonable measures to protect customer information we collect from unauthorized use, disclosure, or access. Consistent with the FTC’s framework, precedent, and guidance, these measures will take into account the nature and scope of the ISP’s activities, the sensitivity of the data, the size of the ISP, and technical feasibility.
• "Data Breach Notifications. ISPs will continue to notify consumers of data breaches as appropriate, including complying with all applicable state data breach laws, which contain robust requirements to notify affected customers, regulators, law enforcement, and others, without unreasonable delay, when an unauthorized person acquires the customers’ sensitive personal information as defined in these laws."