Expect a notice similar to this in a future cable or telephone company bill.

Cable and phone companies will now need your permission before they can market sensitive private information about you to third parties.

In a 3-2 decision (Democrats in favor, Republicans opposed), the Federal Communications Commission today issued new rules that will limit how providers collect and share information about your location, the websites you visit, and the subjects you are interested in based on your online travels. Broadband providers will have to get explicit approval from their customers before they can trade or sell information they have gathered. Providers will still be able to sell your name and address to advertisers, as long as they offer a provision allowing customers to opt-out of shared marketing.

The FCC’s decision has major implications for providers’ future revenue from lucrative targeted advertising. For that reason, and others, providers were angered by the new restrictions, particularly because they don’t apply to content providers like Google, which was largely built on revenue from targeted web advertising. Consumers can avoid using Google and its services, but they cannot avoid their broadband provider, which may be why the FCC targeted the privacy measures on those selling broadband instead of those pushing web content.

Wheeler

“It is the consumer’s information. How it is to be used should be the consumers’ choice, not the choice of some corporate algorithm,” said FCC chairman Thomas Wheeler.

The two Republicans on the Commission immediately attacked the privacy protections as unnecessary, echoing the sentiments of the cable and phone companies.

Commissioner Michael O’Reilly warned broadband providers could still buy the information they would have collected themselves, and as a result, prices will rise for consumers. Commissioner Ajit Pai accused the Democrats on the Commission of “corporate favoritism” towards Google.

Here are the full details about the new privacy policies:

The rules separate the use and sharing of information into three categories and include clear guidance for both ISPs and customers about the transparency, choice and security requirements for customers’ personal information:

• Opt-in: ISPs are required to obtain affirmative “opt-in” consent from consumers to use and share sensitive information. The rules specify categories of information that are considered sensitive, which include precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications.
• Opt-out: ISPs would be allowed to use and share non-sensitive information unless a customer “opts-out.” All other individually identifiable customer information – for example, email address or service tier information – would be considered non-sensitive and the use and sharing of that information would be subject to opt-out consent, consistent with consumer expectations.
• Exceptions to consent requirements: Customer consent is inferred for certain purposes specified in the statute, including the provision of broadband service or billing and collection. For the use of this information, no additional customer consent is required beyond the creation of the customer-ISP relationship.

In addition, the rules include:

• Transparency requirements that require ISPs to provide customers with clear, conspicuous and persistent notice about the information they collect, how it may be used and with whom it may be shared, as well as how customers can change their privacy preferences;
• A requirement that broadband providers engage in reasonable data security practices and guidelines on steps ISPs should consider taking, such as implementing relevant industry best practices, providing appropriate oversight of security practices, implementing robust customer authentication tools, and proper disposal of data consistent with FTC best practices and the Consumer Privacy Bill of Rights.
• Common-sense data breach notification requirements to encourage ISPs to protect the confidentiality of customer data, and to give consumers and law enforcement notice of failures to protect such information.