Who Owns Your Data? – The Repeal of Online Privacy Protection
Data Transmitted Over the Internet Belongs to the Internet Service Providers.
With the repeal of the 2016 Online Privacy Protection, our government is ruling that the data we send over the internet is not our private information, but data that is searchable and usable by your Internet Service Provider (ISP). Data transmitted is essentially owned by our Internet Service Providers (ISP) and is available to them to do with it what they will.
Background
In 1934 our government set out to regulate the burgeoning communications industry with the Communications Act of 1934. This is a long document that covers just about everything you can imagine that is related to communication. Section 222 [47 U.S.C. 222] of this law set out to define the “Privacy of Customer Information.” It said:
IN GENERAL.–Every telecommunications carrier has a duty to protect the confidentiality of proprietary information of, and relating to, other telecommunication carriers, equipment manufacturers, and customers, including telecommunication carriers reselling telecommunications services provided by a telecommunications carrier.
In short, the carriers have an obligation to protect customer data. It goes on further to state:
CONFIDENTIALITY OF CUSTOMER PROPRIETARY NETWORK INFORMATION.–
(1) PRIVACY REQUIREMENTS FOR TELECOMMUNICATIONS CARRIERS.–Except as required by law or with the approval of the customer, a telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service shall only use, disclose, or permit access to individually identifiable customer proprietary network information in its provision of (A) the telecommunications service from which such information is derived, or (B) services necessary to, or used in, the provision of such telecommunications service, including the publishing of directories.
Customer Proprietary Network Information (CPNI) is the data collected by telecommunications companies about a consumer’s telephone calls, i.e. our own specific information. The law says the carriers can only use the specific customer information to provide or provision the service. That’s it. They are not allowed to sell it or use it for anything other than what is specified.
So what information are carriers allowed to sell?
A telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service may use, disclose, or permit access to aggregate customer information other than for the purposes…
They can sell aggregate customer information but NOT customer proprietary network information. Aggregate customer information is defined as collective data that relates to a group or category of services or customers, from which individual customer identities and characteristics have been removed.
So way back in 1934, we wrote laws to protect our communications privacy. In 1996 aspects of the law were updated and the initial protections were kept in place.
Updating Early 20th Century Laws
In 2016, a Federal Communications Commission rule called “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services” was enacted. This bill set out to further update and modernize aspects of the 1934 FCC regulations, to address today’s technological advances and to protect the privacy of the citizen consumer.
our approach can be simply stated: First, consumers must be able to protect their privacy, which requires transparency, choice, and data security.
The 2016 rule recognized that most of personal and business transactions take place online, and it addressed these complexities of our online data driven society as well as the dangers of hacking and the need to secure sensitive personal data. It clearly set out to protect the citizens. In doing so, it placed a portion of the burden upon the utilities that provide online services by expanding upon the original protections set forth in Section 222 of the 1934 law.
Repeal of the Protections
In March of 2017 both the House and the Senate voted to repeal the 2016 rule. The bill to repeal will now go before the President for certain approval.
What does the repeal mean to us?
Although the 2016 rule was enacted it was not yet in effect. So, as result of the repeal, nothing really changes. Or does it?
The 1934 FCC bill was comprehensive for its time. It covers telephones, radio (am, fm, short-wave, etc..), television, maritime, aviation, and so on… It is a hefty document. But it was written in 1934 and doesn’t address modern communication technologies or applications. The 2016 law set out to modernize the early law.
Although we are still protected under the terms of section 222 of the 1934 law, these are general protections that can easily be skirted as their provisions don’t adequately define our account for current technologies and applications as the 2016 rule identified. Though not perfect, we like the 2016 ruling. As a company that provides data services, a primary objective for us is to secure and protect customer data. Customer data is customer data. We believe in privacy. We don’t believe that transmission of data should mean relinquishing ownership of personal, private information. Whether I send you a letter, call you on the phone or send you an email, privacy is a right that our Constitution intends to protect. The 2016 rule set out to clarify this. We are sorry to see the rule repealed.
What will change?
Will anything change now? Probably not immediately. But the way has been cleared for companies to use and sell customer data for profit without consent. Additionally no provisions are enacted that require the ISP “utilities” to protect the customer. The repeal of the 2016 rule is a repeal of personal protections. It is a repeal that diminishes personal privacy and increases the utilities’ potential to profit from it. We can only wait and see what it will mean.
What can we do to protect data if the laws don’t?
If you are concerned about online privacy there a number of things that you can do. In our article Online Privacy and How to Protect It, we give some pointers. Check it out and thanks for reading.