June 28, 2017

June 27, 2017

Subscribe to Latest Legal News and Analysis

June 26, 2017

Subscribe to Latest Legal News and Analysis

US Trade Associations and ISPs Petition FCC to Reconsider New Privacy Rules

On January 3, several US trade associations and internet service providers (ISPs) submitted petitions requesting that the Federal Communications Commission (FCC) reconsider its broadband privacy rules mandating consumer opt-in before using data for marketing purposes.

Among those groups submitting petitions are the United States Telecom Association, NCTA - Internet and Television Association, Competitive Carriers Association, Association of National Advertisers, American Association of Advertising Agencies, American Advertising Federation, Data & Marketing Association, Interactive Advertising Bureau, and Network Advertising Initiative.

On October 27, 2016, the FCC voted 3-2 along party lines to adopt a Report and Order imposing a set of uniform, comprehensive data security and privacy regulations on all telecommunications carriers, which include broadband internet access service (BIAS) providers, traditional voice providers, providers of other telecom services, and providers of interconnected Voice over Internet Protocol (VoIP) services. On December 2, 2016, a Final Rule was published in the Federal Register. The rules in the Final Rule become effective on a staggered basis starting January 3, 2017. See our previous post for background information and more details on the FCC’s original Notice of Proposed Rulemaking.

The FCC’s contested rules are based on three “foundations of privacy”—transparency, choice, and security—and impose several new requirements on carriers. The following are some of the highlighted requirements set forth in more detail in the Final Rule:

  • Carriers will be required to provide clear and accurate privacy notices to customers at the point of sale regarding the specific information collected and how it will be used. Customers must also be informed of their rights to opt-in or opt-out of the use of their confidential information.

  • Carriers must adopt security practices appropriately adjusted to the size of the provider and nature of its activities, the sensitivity of relevant data, and technical feasibility. However, specific carrier activities to meet these requirements are not delineated by the FCC.

  • In the event of a data breach, unless carriers can reasonably determine that there is no reasonable risk of harm to customers, carriers must notify the affected customers, the FCC, the FBI, and the Secret Service within seven days of determination that such a breach occurred, if the breach impacts 5,000 or more customers. If the breach affects fewer than 5,000 customers, carriers must notify the FCC no later than 30 days following reasonable determination that a breach occurred.

Some petitioners argue that the new rules violate First Amendment rights on commercial speech. Others say they will be unduly burdensome on certain smaller carriers and cause confusion among customers. An overarching argument, however, is that the Final Rule is unlawful and that the FCC does not have legal authority to impose its rules.

Given certain recent shifts in the political environment, it is difficult to predict the likelihood of the survival of the Final Rule. However, carriers should still closely review the new rules, understand their responsibilities, and assess existing privacy, data security, and other relevant policies and practices to determine if any changes are necessary to ensure compliance.

Copyright © 2017 by Morgan, Lewis & Bockius LLP. All Rights Reserved.

TRENDING LEGAL ANALYSIS


About this Author

Of Counsel

Vito Petretti is of counsel in Morgan Lewis's Global Outsourcing, Technology, and Commercial Transactions Practice. Mr. Petretti's practice focuses on technology and outsourcing matters. As part of his practice, Mr. Petretti regularly drafts and negotiates an array of domestic and international outsourcing service agreements for a variety of business processes, such as information technology, finance and accounting, human resources, and procurement. He also drafts and negotiates a variety of information technology agreements such as software licensing agreements,...

215-963-5001
Valerie A. Gross, Morgan Lewis, Technology Transactions Attorney, System Integration Lawyer
Associate

Valerie A. Gross focuses her practice on business technology transactions, including technology and business process outsourcing; systems integration; commercial agreements, including professional services and consulting agreements; and licensing and other technology-related agreements.

212.309.6953