The head of the US communications regulator has unveiled a proposal for tougher security and privacy rules to be applied to broadband providers.
US Federal Communications Commission (FCC) boss Tom Wheeler on Thursday outlined a proposal that would require broadband providers such as Verizon and Comcast to obtain consent before collecting consumer data.
They would also have to explain clearly how they use that data for targeted advertising. The plan will also require providers to secure customer data and disclose data breaches.
Wheeler said in a statement that broadband providers have unique access to customer information, enjoying an "unobstructed view of all their unencrypted online activity".
"Even when data is encrypted, broadband providers can still see the websites that a customer visits, how often they visit them, and the amount of time they spend on each website. Using this information, ISPs can piece together enormous amounts of information about their customers, including private information such as a chronic medical condition or financial problems," he said.
If the proposal is adopted, broadband providers would be allowed to share customer data with third parties for marketing, unless the customer opts out.
All other users and data-sharing would require an opt-in. Broadband providers will not need permission for activities related to the provision of broadband services, nor for marketing such services to the customer.
ISPs will also need to adopt risk-management practices to protect customer data. In the event of a breach they must tell affected customers within 10 days of discovery and the FCC within seven days. If the breach affects more than 5,000 customers, providers must inform the FBI and US secret service within seven days.
A vote on the proposal by the full Commission will be held on March 31. The public will have a chance to comment if the proposal is adopted.