It's Your Data: Empowering Consumers to Protect Online Privacy

Thomas 'Tom' Wheeler, chairman of the U.S. Federal Communications Commission (FCC), speaks at INTX: The Internet & Television
Thomas 'Tom' Wheeler, chairman of the U.S. Federal Communications Commission (FCC), speaks at INTX: The Internet & Television Expo in Chicago, Illinois, U.S., on Wednesday, May 6, 2015. The event, formerly known as The Cable Show, has been the reimagined for doing business in the digital economy by the National Cable and Telecommunications Association (NCTA). Photographer: Daniel Acker/Bloomberg via Getty Images

It's the age of anywhere, anytime Internet connectivity -- do you know where your information is?

Whenever we go online, we share information about ourselves. This information can be used to recommend a TV show based on what we've watched before. It can help target advertisements for products that we're interested in. And it can also paint a portrait of our family life, our health, our finances, and other sensitive personal details.

We all know that the social media we join and the websites we visit collect our personal information, and use it for advertising purposes. Seldom, however, do we stop to realize that our Internet Service Provider (ISP) is also collecting information about us. What's more, we can choose not to visit a website or sign up for a social network, or choose to drop one and switch to another. Broadband service is different. Once you subscribe to an Internet service provider -- for your home or for your smartphone -- you have little flexibility to change your mind or avoid that network.

Think about it. Your ISP handles all of your network traffic. That means it has a broad view of all of your unencrypted online activity -- when you are online, the websites you visit, and the apps you use. If you have a mobile device, your provider can track your physical location throughout the day in real time. Even when data is encrypted, your broadband provider can piece together significant amounts of information about you -- including private information such as a chronic medical condition or financial problems -- based on your online activity.

The information collected by the phone company about your telephone usage has long been protected information. Regulations of the Federal Communications Commission (FCC) limit your phone company's ability to repurpose and resell what it learns about your phone activity.

The same should be true for information collected by your ISP.

Today, I'm proposing to my colleagues that we empower consumers to ensure they have control over how their information is used by their Internet Service Provider. Every broadband consumer should have the right to know what information is being collected and how it is used. Every broadband consumer should have the right to choose how their information bits should be used and shared. And every consumer should be confident that their information is being securely protected.

This is not to say network providers shouldn't be able to use information they collect -- only that since it is your information, you should decide whether they can do so. This isn't about prohibition; it's about permission.

Under my proposal, ISPs would be able to use information about where you want to go on the Internet in order to deliver the broadband service you signed up for, just as phone companies can use the phone numbers you dial to connect you to your calls. They would also be able to use customer information for other purposes that are consistent with customer expectations; for example to market higher speed connections and to bill for their services. ISPs would be able to use and share customer information with their affiliates to market other communications-related services unless you "opt out" and ask them not to. All other uses and sharing of your personal data would require your affirmative "opt-in" consent. We recognize that ISPs must necessarily collect and use information you create to provide service. However, consumers deserve to have safeguards in place to ensure that information necessary to run the network is used only for that purpose unless the owner of that information -- the consumer -- agrees otherwise.

One of the most important things to remember about this proposal is that it is narrowly focused on the personal information collected by network providers. The privacy practices of the websites that you choose to visit are not covered by this proposal. Indeed, there are other federal and state agencies, namely the Federal Trade Commission -- that do a great job dealing with such companies and their privacy practices. The Federal Communications Commission is the nation's telecommunications agency. We're sticking to our knitting -- decades of expertise concerning communications networks. Also, this proposal does not wade into government surveillance, encryption or other law enforcement issues. This is about ISPs and only ISPs.

On March 31, my fellow Commissioners will vote to seek comment on this proposal. If approved, all Americans will have the opportunity to weigh in and have their voices heard. We want to listen and we want to learn from you before we adopt final, enforceable rules of the road.

Simply by using the Internet, you have no choice but to share large amounts of personal information with your broadband provider. You have a right to know what information is being collected about you and how that information is being used. That's why establishing baseline privacy standards for ISPs is a common sense idea whose time has come. The bottom line is that it's your data. How it's used and shared should be your choice.


Tom Wheeler is Chairman of the Federal Communications Commission, the United States' primary authority for communications laws, regulation and technological innovation. You can follow him on Twitter at @TomWheelerFCC or visit the agency at, on Twitter @FCC, Facebook, or Instagram.