The Federal Communications Commission (FCC) has adopted privacy rules that will require Internet service providers, including Verizon, Comcast and AT&T, to obtain consent from consumers before they can share web-browsing data and other private information with advertisers and third parties.

The new requirement includes information concerning websites visited, mobile location information, apps used and other sensitive details collected from computers and smartphones. The rules separate the use and sharing of information into three categories and include clear guidance for both ISPs and customers about transparency.

Here are the new rules:
Under the regulations ISPs are required to obtain affirmative “opt-in” consent from consumers to use and share sensitive information. Those categories range from Social Security numbers to browsing histories. But, ISPs would be allowed to use and share non-sensitive information unless a customer “opts-out.” For example, email address or service tier information would be considered non-sensitive as well as the use and sharing of that information.

The FCC’s new rules will apply to fixed and mobile broadband providers and will not affect the privacy practices of websites such as Facebook and Twitter.

The FCC won’t ban “pay-for-privacy.” That’s where ISPs charge customers extra when they don’t share information. But there will be a requirement of full disclosure that such “paid privacy protection” may no longer be needed.

Learn more about the HBS Data Privacy and Security Practice: