The rules would significantly curb the ability of companies like Comcast and Verizon to share data about their customers’ online activities with advertisers without permission from users.

Share story

WASHINGTON — Federal regulators Thursday proposed a set of privacy rules for Internet service providers that would significantly curb the ability of companies like Comcast and Verizon to share data about their customers’ online activities with advertisers without permission from users.

In the proposal before the Federal Communications Commission, the agency’s chairman, Tom Wheeler, called for broadband service providers to disclose clearly how data may be collected about users’ online browsing and other activities. The plan also called for the companies to bolster the security of customer data.

The rules, if approved, would establish first-time privacy rules for the companies that manage the traffic of the web and would create some of the strongest privacy regulations for any segment of the technology and telecommunications industries. It is the first major regulatory action covering broadband providers since the FCC’s declaration last year that high-speed Internet carriers should be treated like utilities.

In a statement, Wheeler said that since Internet service providers handle all network traffic, the companies have a “broad view of all of your unencrypted online activity.” He added that “even when data is encrypted, your broadband provider can piece together significant amounts of information about you — including private information such as a chronic medical condition or financial problems — based on your online activity.”

This week, save 90% on digital access.

The regulations, if approved, would put broadband providers under stronger privacy oversight than Internet companies like Google and Facebook. Those companies are monitored by the Federal Trade Commission, whose ability to create specific privacy rules is limited.

Many privacy advocates have pushed for a greater role by other agencies because the FTC cannot create rules for online privacy and can only monitor data collection practices as an enforcement agency.

“This is nothing short of a historic moment,” said Jeffrey Chester, executive director of the Center for Digital Democracy, a privacy advocacy group. “Unlike the Federal Trade Commission, the FCC has the legal authority to enact safeguards that will allow an individual to have real control over how their information can be gathered and used.”

Some privacy experts said Internet service providers were capable of stitching together a more complete picture of a consumer by tracking the sites a customer visits using its network. Because more devices in the home are now being connected to Wi-Fi, the broadband providers also have more ways to collect data on their customers for online advertising, said Harold Feld, a senior vice president of the nonprofit media advocacy group Public Knowledge.

In an enforcement action against Verizon this week, the FCC found that the wireless company was using “supercookies” to continue tracking the activity of users through mobile browsers even when the customers tried to delete cookies — small files created by sites that are stored on devices and used to track activity — from browsers and to clear their browsing history.

The FCC’s proposal Thursday has already drawn protest by telecom and cable companies, which have pointed to the FTC as a strong privacy enforcer. But the FCC has argued that after it reclassified broadband as a utility, it was compelled by law to create privacy rules.

In a recent blog post, AT&T said Internet service providers were collecting less data as more sites become encrypted. Also, consumers are choosing virtual private networks that prevent broadband providers from seeing the sites people visit, the company said. Websites like Google are leading behavioral advertising companies that should be held to the same standards as broadband access providers, AT&T said.

“Given the realities of this complex market, there is no basis for treating ISP data as somehow ‘proprietary’ or subjecting ISPs to unique privacy requirements,” wrote Bob Quinn, senior vice president of AT&T’s federal regulatory affairs, referring to Internet service providers. “Consumers expect and deserve consistent privacy protections for their online data, regardless of which company is collecting it and the technology used to collect it.”

Custom-curated news highlights, delivered weekday mornings.