The FCC's privacy rules would require ISPs to get opt-in consent from consumers before selling or sharing personal information including geo-location data, financial and health information, children’s information, Social Security numbers, Web browsing history, app usage history, and the content of communications. Opt-out requirements would have applied to less sensitive data such as e-mail addresses and service tier information.
The opt-in and opt-out provisions would have taken effect as early as December 4, 2017. The rules would also force ISPs to clearly notify customers about the types of information they collect, specify how they use and share the information, and identify the types of entities they share the information with.
The FCC's privacy rules also had a data security component that would have required ISPs to take "reasonable" steps to protect customers' information from theft and data breaches. This was supposed to take effect on March 2, but the FCC's Republican majority halted the rule's implementation. Another set of requirements related to data breach notifications is scheduled to take effect on June 2.
[…]
The rules were approved in October 2016 by the Federal Communications Commission's then-Democratic leadership, but are opposed by the FCC's new Republican majority and Republicans in Congress. The Senate today used its power under the Congressional Review Act to ensure that the FCC rulemaking "shall have no force or effect" and to prevent the FCC from issuing similar regulations in the future.
The House, also controlled by Republicans, would need to vote on the measure before the privacy rules are officially eliminated. President Trump could also preserve the privacy rules by issuing a veto. If the House and Trump agree with the Senate's action, ISPs won't have to seek customer approval before sharing their browsing histories and other private information with advertisers.
[…]
The Senate measure was introduced two weeks ago by Sen. Jeff Flake (R-Ariz.) and 23 Republican co-sponsors. Flake said at the time that he is trying to "protect consumers from overreaching Internet regulation." FCC Chairman Ajit Pai argues that consumers would be confused if there are different privacy rules for ISPs than for online companies like Google and Facebook. "American consumers should not have to be lawyers or engineers to figure out if their information is protected," Pai recently told Democratic lawmakers.
[…]
The Senate action "would allow Comcast, Verizon, Charter, AT&T, and other broadband providers to take control away from consumers and relentlessly collect and sell their sensitive information without the consent of that family," Markey said. That sensitive information includes health and financial information, and information about children, he said. ISPs want to "draw a map" of where families shop and go to school, and sell it to data brokers "or anyone else who wants to make a profit off you," Markey said.
"Your home broadband provider can know when you wake up each day—either by knowing the time each morning that you log on to the Internet to check the weather/news of the morning, or through a connected device in your home," Sen. Bill Nelson (D-Fla.) said during Senate floor debate yesterday. "And that provider may know immediately if you are not feeling well—assuming you decide to peruse the Internet like most of us to get a quick check on your symptoms. In fact, your broadband provider may know more about your health—and your reaction to illness—than you are willing to share with your doctor."
Home Internet providers can also "build a profile about your listening and viewing habits," while mobile broadband providers "know how you move about your day through information about your geolocation and Internet activity through your mobile device," he said.
[…]
The Senate vote was 50-48, with lawmakers voting entirely along party lines.
[…]
The Senate vote would prevent all of these rules from taking effect, unless the House or President Trump decide otherwise.
Republicans say that the Federal Trade Commission should have authority over ISPs' privacy practices, instead of the FCC. That would require further action by the FCC or Congress because ISPs and phone companies are common carriers that cannot be regulated by the FTC.