Hardly anyone was pleased by the rollback of the broadband privacy rule last month, opening up the possibility of ISPs collecting and selling your browsing data including, as it turns out, cities whose citizens were left out in the cold. Seattle wasted no time taking matters into their own hands, and the result is a local rule that provides a few of the repealed ones critical protections.
The FCCs broadband privacy rule would have boosted requirements for transparency and security practices and more importantly would have added browsing history to the list of customer proprietary information and required ISPs to get advance permission from consumers to track and sell it.
Of course, it was never allowed to take effect. Seattles response was swift; I talked with the citys CTO, Michael Mattmiller, about what happened next.
When the president and Congress repealed the rule, the mayor directed us to look for authority the city already had to restore or perhaps not restore, but make a rule like it, he said.
The city found its authority in the municipal code governing cable franchises; the rules on the books are mostly about TV service, but setting privacy standards for subscribers of cable service and other services provided over the cable system seems well within the mandate.
The new rule was added yesterday; it requires cable internet providers to obtain opt-in consent before using web browsing history or other internet usage data for its own purposes.
Internet providers have occasionally protested that they dont do that kind of thing anyway.
We say thats great, but we still think there should be a rule. Trust, but verify thats our mantra, Mattmiller said. ISPs dont want to be treated different from Google, Facebook, Amazon and other tech companies. But we believe that a consumers relationship with their ISP is fundamentally different from other services or websites.
In addition to getting opt-ins from consumers, ISPs would have to provide their privacy statement to city authorities for inspection yearly, and if they do any aggregating and anonymizing of data, provide their methods and reasons for doing so.
The rule affects Comcast, CenturyLink and local ISP Wave; these three account for a large majority of broadband subscribers in the city. ISPs that do wireless or satellite connections technically arent bound by the cable rules, so theyre unaffected for now unless, Mattmiller joked, they volunteer to submit themselves to the new regulation.
May 24 is the deadline for compliance with the rules, so if youre in Seattle (like me), one of two things will happen. You might receive an update from your internet provider asking you to opt into their data collection scheme. But you also might not, which either indicates that the ISP doesnt have a scheme like that, or decided to shut it down before the 24th. Sounds good to me either way.