Like other privacy nerds all over the land, I’ve been anxiously awaiting the results of the Federal Communications Commission’s vote on some stringent new privacy rules for internet service providers (ISPs). Last week, we got news that the vote passed, and now it’s time to start taking stock of what this means for digital advertisers, publishers, and the US privacy landscape overall. Here’s what you need to know:
- The opt-in requirement represents a sea change in US privacy management. Until now, the US approach to data collection has largely been opt-OUT oriented. The FCC ruling changes that. The commission is requiring broadband internet access service (BIAS) providers – that is, mobile carriers and ISPs – to gain explicit opt-IN before making their personal data available for ad targeting. It’s important to note that de-identified data and “non-sensitive” data don’t fall under the opt-in requirement. These data can continue to be shared as it is today, and can be used for the providers own business and marketing purposes without the consent requirement.
- Speaking of “sensitive” data… there’s a lot more of it to consider now. Historically, sensitive personal data has been limited to financial data, health data, data about minors, and a few other categories. The new rules broaden the definition significantly to include data that’s become the lifeblood of online advertising:
- Precise geolocation
- Web browsing history
- App usage history
- The content of the communication