In the past five months, we’ve seen a significant shift in the direction of privacy regulation at the federal level. As discussed in our previous post, Congress voted (and President Trump signed) a resolution repealing last year’s FCC Order that imposed greater obligations on broadband Internet service providers and other carriers regarding the protection of customer data. The FCC and FTC also announced that they intend to reverse the FCC’s 2015 decision to treat broadband Internet service providers as Title II common carriers, which would effectively return jurisdiction over broadband Internet service providers to the FTC. Then, at the beginning of this month, the Ninth Circuit granted a petition by the FTC to rehear its ruling from last year that the FTC lacked authority under the FTC Act to regulate AT&T as a common carrier.
Continue Reading

On March 1, 2017, the Federal Communications Commission (the “FCC”) voted 2-1 to issue a stay order temporarily halting the implementation of the Protecting the Privacy of Customers of Broadband and Other Telecommunications Services order (the “2016 Privacy Order”). The 2016 Privacy Order was adopted in October 2016 with the intention of imposing greater obligations on broadband Internet service providers and other telecommunications carriers to protect the privacy of their customers. Specifically, the 2016 Privacy Order created three categories for the use and sharing of customer information based on sensitivity: opt-in, opt-out, and exceptions to the consent requirements. In addition, the 2016 Privacy Order imposed new requirements related to notice, customer approval, and breach notification. You can read further about the elements of the 2016 Privacy Order in our previous post. The 2016 Privacy Order faced criticism from broadband industry trade groups, who alleged that it would subject Internet service providers to a different standard than other companies operating in the Internet space. 
Continue Reading

On October 27, 2016, the Federal Communications Commission (FCC) adopted an Order requiring broadband Internet service providers and all other telecommunications carriers providing telecommunications services to take greater steps to protect the privacy of their customers, including current and former subscribers and new applicants. Specifically, the new rules create three categories for the use and sharing of customer information based on sensitivity: opt-in, opt-out, and exceptions to the consent requirements. Acting pursuant to its authority under Section 222 of the Communications Act, which governs the protection of telecommunications service customers’ proprietary information (defined as (i) individually identifiable Customer Proprietary Network Information (CPNI); (ii) personally identifiable information (PII); and (iii) content of communications), the FCC clarified that the new rules are designed to ensure that customers are in control regarding use of their information.

The Order was issued on November 2, 2016 and is available here. Here’s a summary of the key obligations imposed on carriers:


Continue Reading