On March 31, 2016, the Federal Communications Commission (FCC) adopted a Notice of Proposed Rulemaking (NPRM) that proposed to establish new privacy guidelines for broadband Internet service providers (ISPs).1 The FCC designed the proposal to “ensure broadband customers have meaningful choice, greater transparency and strong security protections for their personal information collected by ISPs.”2 To accomplish this goal, the NPRM proposes to apply the privacy requirements of Section 222 of the Communications Act3 to ISPs that offer broadband Internet access service (or, in the NPRM’s terminology, “BIAS”).4 The FCC asserted that applying the privacy requirements set forth in Section 222 would “give broadband customers the tools they need to make informed decisions about how their information is used by their ISPs and whether and for what purposes [their information may be shared] with third parties.”5
Continue Reading ISPs Could Face New Privacy Regulations Under FCC Proposed Rulemaking

Telecommunications carriers must take precautions to protect call and location data stored on customers’ devices, according to the Federal Communications Commission (FCC).1 As discussed in a prior WSGR Eye on Privacy article,2 the FCC reacted to the carriers’ use of Carrier IQ to collect customers’ call information, despite its data security vulnerabilities. The FCC sought public comment on whether this type of data collection should fall within the agency’s authority under the Communications Act of 1934, as amended. After reviewing public comments, the FCC issued a Declaratory Ruling concluding that carriers must provide safeguards for certain types of data that carriers cause to be stored on their customers’ devices directly or through their agents. This security requirement applies to data transferred to carriers’ systems as well as data stored on the consumers’ devices.
Continue Reading FCC Actions Clarify That Mobile Data Security Rules Apply to Data on Devices