Future Tense

New FCC Rules Require Internet Providers to Protect Users’ Personal Information

The Federal Communications Commission passed new rules on Thursday to protect internet users’ privacy.

Mark Wilson/Getty Images

On Thursday, the Federal Communications Commission passed new regulations that require internet service providers to protect the privacy of their customers.

“The rules ensure broadband customers have meaningful choice, greater transparency and strong security protections for their personal information collected by ISPs,” the FCC said in a statement.

Specifically, the new measures require ISPs to obtain permission from consumers to use and share sensitive information including geo-location, financial and health information, children’s information, social security numbers, web browsing history, app usage history, and the content of communications. For other nonsensitive information like email addresses, consumers can choose to “opt out” of having ISPs use or share that information with outside firms. Additionally, the FCC says providers must provide “clear, conspicuous and persistent notice about the information they collect, how it may be used and with whom it may be shared.”


The FCC notes that the new rules “do not prohibit ISPs from using or sharing their customers’ information—they simply require ISPs to put their customers in the driver’s seat when it comes to those decisions.”

The Washington Post explains that the new rules, approved 3–2 by the FCC, come “as Internet providers race to turn their customers’ behavioral data into opportunities to sell targeted advertising.” It says:

No longer content to be the conduits to websites, social media and online video, broadband companies increasingly view the information they collect on users as they traverse the Web as a source of revenue in itself.

With its move, the FCC is seeking to bring Internet providers’ conduct in line with that of traditional telephone companies that have historically obeyed strict prohibitions on the unauthorized use or sale of call data.

Consumer privacy advocates welcomed the change, but this certainly isn’t a cure-all. The FCC explicitly noted three areas over which the new rules have no influence: the privacy practices of social media websites and apps, which are regulated instead by the Federal Trade Commission; other services of broadband providers, such as operation of social media like Twitter or Facebook; and issues relating to government surveillance, encryption, or law enforcement.