UNITED STATES SENATE WASHINGTON, July 7, 2016
The Honorable Tom Wheeler Chairman U.S. Federal Communications Commission 445 12“ Street, Washington, DC 20554 Dear Chairman Wheeler: The FCC has nearly thirty years of experience protecting the privacy of telecommunications customers who have no choice but to share highly personal information about themselves in order to obtain essential telecommunications services. Against the backdrop of the privacy framework that the FCC developed in the 1980s, Congress passed the bipartisan Telecommunications Act of 1996 and granted the FCC expansive authority to adopt enforceable rules that require common carriers to protect the proprietary information of customers. Current rules ensure that consumers’ personal information cannot be sold to the highest bidder without consumer consent. These rules honor Americans’ expectation of privacy in personal communications and foster trust in essential networks that promote unhindered speech and association. The rules also help prevent companies with few competitors from abusing the personal information of consumers to gain an anti-competitive advantage in other markets. These rules must be extended to broadband. In 2016, broadband access is no longer a luxury; it is now as essential as phone service. Like the phone companies of the twentieth century, internet service providers (ISPs) are gatekeepers that control the infrastructure that Americans depend on to access vital applications and services. They provide a critical service that allows consumers to access information and communicate across town and around the globe. An ISP has a duty to protect the privacy of consumers who use the company’s wired and wireless infrastructure to connect to the world. Last year, the FCC reclassified broadband as a telecommunications service under Title II of the Communications Act and adopted rules to protect the open internet, and last month the D.C. Circuit Court of Appeals upheld this reclassification. As part of reclassification, the Commission wisely chose to apply Section 222 of Title Il to broadband, extending the duty to protect the privacy of information that ISPs collect about their customers by virtue of the carrier-customer relationship. In March, the FCC voted to advance a rulemaking to extend privacy rules to broadband. We strongly support the Commission’s Notice of Proposed Rulemaking, and believe that this framework will strengthen the privacy protections for consumers‘ personal information. As the FCC finalizes these rules, we urge you to carefully consider the following: 1. Definition of customer proprietary information (customer PI) — We are pleased that the FCC has proposed privacy protections for a comprehensive definition of customer PI, which includes a vast array of sensitive and private customer information. Every click a consumer makes online paints a detailed picture of their personal and professional lives, and this sensitive information should be protected by strong privacy standards. We support the proposed definition of customer PI, which includes private information such as internet usage, online activities, and broadband service payments 2. Definition of customer — Private information that consumers have no choice but to share with their ISP does not stop being private when they switch ISPs. We applaud the Commission for applying protections for current and former broadband subscribers. 3. Transparency — Consumers ought to be able to know at any time what kind of information their ISP is collecting about them and how this information is being used. We support the Commission’s proposed privacy dashboard and believe that it would ensure that ISPs are accurately laying out data collection policies in standardized forms that are easy for consumers to access, read and understand. We also agree that privacy notices should be prominently displayed at the point-of-sale and through a link on the lSP’s website. 4. Consumer consent — ISPs should be required to get affirmative express consent before using and sharing their customers’ proprietary information. Customer information ought not be shared beyond the extent necessary for the ISP to deliver the requested service to the consumer. * We believe that ISPs should gain affirmative express consent from consumers before using or sharing information beyond what is needed to deliver service and manage its networks. This includes sharing information with affiliates. Therefore, we support requiring ISPs to obtain customers’ opt-in approval before giving customer Pl to third parties or affiliates. We also encourage the Commission to require ISPs to secure opt-in approval for activities not instrumental to delivering internet services, including marketing. * The use of broadband should not be conditioned upon consumer consent for the collection, use or sharing of information beyond that which is necessary to deliver service. For example, a consumer should not be required to click through a form that requires the consumer to forfeit privacy protections as a condition to gaining access to a service. We support the Commission’s proposal to prohibit ISPs from making access to services conditional on a customer agreeing to relinquish their customer PI. * Consumers should not have to pay an ISP an additional amount in order to protect their privacy. Not only is a pay-for-privacy standard counter to our nation’s core principle that all Americans have a fundamental right to privacy, but it also may disproportionately harm low-income consumers, the elderly, and other vulnerable populations. Privacy is not a luxury, so we encourage you to prevent ISPs from charging consumers to keep their proprietary information private. 5. Data security and timely notification of breaches — Strong data security measures are needed to protect consumers’ information from external and internal unauthorized access. If a network or database is breached in a manner that could compromise the consumer’s privacy or cause the consumer harm, ISPs must notify consumers about the breach and any actions that consumers could take to mitigate potential harm from the breach. Thus, we support efforts by the Commission to develop strong and effective data security protections and breach notification requirements. * Data minimization: ISPs should not only apply strong data security measures to protect the sensitive customer information they hold, but they should also minimize the amount of customer information they collect and only retain that data for limited periods of time to help reduce the harms that could be caused by a breach. We urge the Commission to require ISPs to minimize data collection and limit data retention. * Deep packet inspection: Deep packet inspection (DPI) involves analyzing internet traffic beyond the minimum needed to route a specific data packet. DPI could be used for marketing purposes and would be a clear violation of consumers’ privacy rights. We encourage the Commission to prohibit ISPs from using DP] for marketing purposes. 6. Clear complaint processes — We encourage the Commission to ensure that both ISPs and the FCC have clear, user-friendly, easily accessible and responsive complaint processes for consumers who have evidence or reason to believe their privacy has been violated. 7. Parity between wireless and wireline — Consumers’ privacy should be protected regardless of whether a consumer uses a cellular network, Wi-Pi, or a wireline connection to access the internet. We encourage the Commission to maintain parity between the privacy obligations of fixed and mobile broadband. 8. Prohibition of mandatory arbitration clauses — Mandatory arbitration clauses requiring consumers to resolve disputes through arbitration rather than the traditional judicial process are both unfair and unreasonable. We encourage the Commission to prohibit ISPs from including mandatory arbitration clauses in their contracts. Thank you for your attention to this important matter. We encourage you to complete this crucial rulemaking without delay. Sincerely, Edward J. Markey, Richard Blumenthal, Al Franken, fo Elizabeth Warren, Patrick Leahy and Bemard Sanders. United States Senators Ref: https://www.dslreports.com/r0/download/2276489~9c8eadeef46a724ca4d98bd97565ce17/Letter%20--%20FCC%20Privacy%20%207-7-16.pdf -- Cheers, Stephen Sent from Mail for Windows 10 _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
