Who is responsible for maintaining the privacy of Internet users? Federal regulators say Internet service providers (ISPs) should shoulder more of the burden. So the Federal Communications Commission (FCC) this week proposed a set of privacy rules for ISPs that would reduce the ability of companies, such as Comcast and Verizon, to share data about their customers’ online activities with advertisers without their permission.

If approved, the proposal would for the first time establish privacy rules for companies that manage Internet traffic. This is the first significant regulatory move in this area since the FCC declared last year that high-speed Internet carriers should be treated like utilities.

In the new proposal, FCC chairman Tom Wheeler has called for broadband service providers to disclose clearly how they collect data about users’ online browsing and other activities. The plan would also require companies to improve the security of customer data.

Access To Data

The FCC announced the proposal in an essay by Wheeler that was published on the Huffington Post Web site. In the essay, Wheeler said that because ISPs handle all network traffic, they have access to unencrypted online activity that no other companies have.

"Even when data is encrypted, your broadband provider can piece together significant amounts of information about you -- including private information such as a chronic medical condition or financial problems -- based on your online activity," Wheeler noted.

Karl Bode, editor at ISP review site DSLReports, told us that the proposal seems like a common sense way to get those companies to take privacy precautions they probably should have adopted on their own. "Customers may not have a choice of providers, should they be stuck with one that fails to respect basic consumer privacy standards -- something that's just good business," Bode said.

Not Onerous?

If approved, the new regulations would put broadband providers under stronger privacy scrutiny than such Internet companies as Google and Facebook, which are monitored by the Federal Trade Commission. Because that agency cannot create rules for online privacy -- only data collection practices -- privacy advocates have been asking for another federal agency to step up oversight of user privacy on the Internet.

However, the FCC’s proposal did not make telecom and cable companies happy. AT&T said that as more Web sites become encrypted, ISPs are collecting less user data anyway. "There is no basis for treating ISP data as somehow ‘proprietary’ or subjecting ISPs to unique privacy requirements," said Bob Quinn, senior vice president of AT&T’s federal regulatory affairs, on the company's public policy blog,

But according to Bode, providing users with transparency and opt-out tools should not be seen as a draconian request of ISPs. "ISPs are still perfectly capable of innovating in this space and tracking user behavior all around the Internet -- provided they're just open about it," he said. "Most of this collected data can still be shared; again, the rules primarily focus on making sure that this sharing is transparent and giving users the tools to stop it if they're so inclined."