It’s 2023 And The FCC Only Just Proposed Rules Requiring Telecoms Immediately Inform Consumers When Their Data Is Compromised (original) (raw)

from the requiring-the-bare-minimum dept

Back in 2015, the nation’s top telecom regulator attempted to create some very basic (by international standards) privacy guidelines for telecom providers, demanding they do things like (gasp) be transparent about the consumer data they were collecting and selling, while also requiring that consumers (gasp) opt in to the sale of any particularly sensitive data.

This was too egregious an ask for the “we’re very concerned about consumer privacy violations but only if TikTok is doing it” GOP, which quickly set about using the Congressional Review Act to kill the rules before they could even take effect. That decision not only killed broadband privacy rules, it limited what the FCC can and can’t do in relation to broadband consumer privacy moving forward.

But there are still some things the FCC can do. Like this week, when the agency proposed new guidelines requiring that telecom providers be faster and more transparent about reporting on data breaches (the full FCC proposal itself is here):

The new rule would eliminate the current seven-day waiting period for carriers to notify customers of a breach and require all breaches to be reported to the FCC, FBI and U.S. Secret Service. Instead, telecoms would need to report breaches to law enforcement as soon as intrusions are discovered and immediately to consumers, as well, unless otherwise advised by authorities.

Current FCC guidance gives telecoms with more than 5,000 users seven days to report privacy breaches to consumers. Companies with less than 5,000 users have 30 days before they’re obligated to even inform consumers. The updated rules also updates the definition of “breach” to include the accidental exposure of consumer data by telecoms, and not just data compromised by a hack.

That it’s 2023 and we’re only just considering rules requiring that broadband consumers be immediately and transparently informed when their private data is compromised by a third party pretty much tells you everything you need to know about the state of U.S. privacy policymaking, and the corruption and incompetence that go hand in hand in keeping it that way.

Keep in mind the FCC’s stuck in 2-2 partisan commissioner gridlock thanks to the telecom industry’s relentless smear campaign against agency nominee Gigi Sohn. That’s made it more difficult for the agency to hold them accountable for decades of location data abuse (even post-Roe), and likely means approval of even these basic rule improvements likely won’t be finalized by vote anytime soon.

This is, as they say, why we can’t have nice things.

Filed Under: adtech, breaches, consumer privacy, fcc, hacking, location data, privacy, telecom