FCC Adopts Order Approving New Rules for ISPs
The Federal Communications Commission (“FCC”) has adopted new data privacy and security rules for internet service providers (“ISPs”). Under the new rules, ISPs must adopt “reasonable” data security and other measures, and obtain their customers’ explicit consent before using or sharing with third parties sensitive data. Sensitive data includes financial and health-related information, children’s information, precise geo-location information, and related data. For non-sensitive data (such as service tier information), the use and sharing of that information will be subject to opt-out consent. The FCC’s new rules also prohibit ISPs from refusing to serve customers who do not consent to the use and sharing of their information for commercial purposes, and include new data breach notification requirements.