April 6, 2020

April 05, 2020

Subscribe to Latest Legal News and Analysis

April 03, 2020

Subscribe to Latest Legal News and Analysis

US Trade Associations and ISPs Petition FCC to Reconsider New Privacy Rules

On January 3, several US trade associations and internet service providers (ISPs) submitted petitions requesting that the Federal Communications Commission (FCC) reconsider its broadband privacy rules mandating consumer opt-in before using data for marketing purposes.

Among those groups submitting petitions are the United States Telecom Association, NCTA - Internet and Television Association, Competitive Carriers Association, Association of National Advertisers, American Association of Advertising Agencies, American Advertising Federation, Data & Marketing Association, Interactive Advertising Bureau, and Network Advertising Initiative.

On October 27, 2016, the FCC voted 3-2 along party lines to adopt a Report and Order imposing a set of uniform, comprehensive data security and privacy regulations on all telecommunications carriers, which include broadband internet access service (BIAS) providers, traditional voice providers, providers of other telecom services, and providers of interconnected Voice over Internet Protocol (VoIP) services. On December 2, 2016, a Final Rule was published in the Federal Register. The rules in the Final Rule become effective on a staggered basis starting January 3, 2017. See our previous post for background information and more details on the FCC’s original Notice of Proposed Rulemaking.

The FCC’s contested rules are based on three “foundations of privacy”—transparency, choice, and security—and impose several new requirements on carriers. The following are some of the highlighted requirements set forth in more detail in the Final Rule:

  • Carriers will be required to provide clear and accurate privacy notices to customers at the point of sale regarding the specific information collected and how it will be used. Customers must also be informed of their rights to opt-in or opt-out of the use of their confidential information.

  • Carriers must adopt security practices appropriately adjusted to the size of the provider and nature of its activities, the sensitivity of relevant data, and technical feasibility. However, specific carrier activities to meet these requirements are not delineated by the FCC.

  • In the event of a data breach, unless carriers can reasonably determine that there is no reasonable risk of harm to customers, carriers must notify the affected customers, the FCC, the FBI, and the Secret Service within seven days of determination that such a breach occurred, if the breach impacts 5,000 or more customers. If the breach affects fewer than 5,000 customers, carriers must notify the FCC no later than 30 days following reasonable determination that a breach occurred.

Some petitioners argue that the new rules violate First Amendment rights on commercial speech. Others say they will be unduly burdensome on certain smaller carriers and cause confusion among customers. An overarching argument, however, is that the Final Rule is unlawful and that the FCC does not have legal authority to impose its rules.

Given certain recent shifts in the political environment, it is difficult to predict the likelihood of the survival of the Final Rule. However, carriers should still closely review the new rules, understand their responsibilities, and assess existing privacy, data security, and other relevant policies and practices to determine if any changes are necessary to ensure compliance.

Copyright © 2020 by Morgan, Lewis & Bockius LLP. All Rights Reserved.


About this Author

Vito Petretti, Morgan Lewis, Technology Lawyer

Vito Petretti’s practice focus is technology and outsourcing matters. Clients regularly turn to him to draft and negotiate domestic and international outsourcing service agreements for a variety of business processes, such as information technology, finance and accounting, human resources, and procurement. Within the realm of information technology, Vito drafts and negotiates agreements for software licensing, hardware purchases and leases, data licensing and subscriptions, website hosting and development, and other technology-related agreements, including system...

Valerie A. Gross, Business Technology Attorney, Morgan Lewis

Valerie A. Gross focuses her practice on business technology transactions, including technology and business process outsourcing; systems integration; commercial agreements, including professional services and consulting agreements; and licensing and other technology-related agreements.