Internet service providers and wireless carriers would have to seek permission from customers before using their private information for certain marketing purposes, if new rules proposed by Federal Communications Commission Chairman Tom Wheeler are approved.

For example, ISPs could only share a subscriber's Internet usage habits with advertising companies or other third parties if the subscriber opts in to such usage. An ISP also wouldn't be able to serve targeted ads to you based on your Web browsing habits without first obtaining opt-in consent.

"Your ISP handles all of your network traffic," Wheeler wrote in a blog post today. "That means it has a broad view of all of your unencrypted online activity—when you are online, the websites you visit, and the apps you use. If you have a mobile device, your provider can track your physical location throughout the day in real time. Even when data is encrypted, your broadband provider can piece together significant amounts of information about you—including private information such as a chronic medical condition or financial problems—based on your online activity."

Wheeler's notice of proposed rulemaking was announced today, and the FCC is scheduled to vote on it on March 31. The item will seek comment from the public, with a goal of approving final rules later this year. The rules wouldn't prohibit targeted advertising, but FCC officials said customers should have control over how their information is used and shared.

The proposed rules apply only to Internet service providers and would not affect the privacy practices of websites.

AT&T is already serving targeted ads based on customers' Web surfing with its "Internet Preferences" program. If consumers opt in to data collection, AT&T analyzes their Internet usage and uses the results to deliver personalized ads online. In exchange, AT&T customers get at least a $29-per-month discount if they agree to the data collection and targeted ads.

Senior FCC officials said the call for public comment will seek input on whether the FCC should take action against ISPs that charge consumers extra if they don't opt into targeted ads.

Wheeler's proposed rules are similar to ones the FCC already applies to telephone service. "ISPs would be able to use information about where you want to go on the Internet in order to deliver the broadband service you signed up for, just as phone companies can use the phone numbers you dial to connect you to your calls," Wheeler wrote. ISPs would also be able to use customer information to bill subscribers and advertise higher speeds to them without permission.

Certain practices wouldn't require customer permission in advance, but ISPs would have to offer customers a way to opt out. "ISPs would be able to use and share customer information with their affiliates to market other communications-related services unless you 'opt out' and ask them not to," Wheeler wrote. "All other uses and sharing of your personal data would require your affirmative 'opt-in' consent."

"Affiliates" are entities controlled by the ISP, such as subsidiaries or companies in which the ISP has at least a 10 percent ownership stake. Verizon could thus use the billing address of its FiOS Internet customers to market Verizon Wireless services, unless a customer opts out. But the "affiliate" exception wouldn't apply to subsidiaries when they aren't providing communications services. That means Verizon would need permission from customers to share data with AOL's ad network, even though Verizon owns AOL.

ISPs will still be able to use anonymized, aggregate information without consumer consent as long as the information can't be linked to a specific individual or device, officials said.

The proposal also pitches some new security requirements. ISPs would have to notify customers of data breaches within 10 days of a breach and notify the commission within seven days.

Tie-up with Title II

Wheeler's privacy plan is an outgrowth of last year's decision to reclassify Internet service providers as common carriers under Title II of the Communications Act. Title II gives the FCC authority to impose privacy requirements on telecommunications providers, but the commission's existing privacy rules cover telephone service and not broadband.

ISPs are suing the FCC to overturn the new Title II classification. A win for the ISPs in that case could doom the new privacy proposal, since it's tied to Title II. FCC officials said they are confident of winning in court but will seek public comment on whether the commission could use other sources of authority just in case the court rules against Title II for broadband.

Wheeler's proposal is already being criticized by anti-regulation groups and broadband providers. "We are disappointed by Chairman Wheeler's apparent decision to propose prescriptive rules on ISPs that are at odds with the requirements imposed on other large online entities," said the National Cable & Telecommunications Association, a lobby group for cable companies. "Large online entities" is apparently a reference to Google and other Web services providers.

Republican FCC Commissioner Michael O'Rielly criticized the proposal, saying that Wheeler is taking a "reckless approach to an important topic, especially where it clearly lacks expertise, personnel, or understanding."

The FCC should leave privacy enforcement to the Federal Trade Commission, Free State Foundation President Randolph May said in a written statement. "Given the FTC's general privacy jurisdiction and its expertise, there is no reason for the FCC to embark on a new regulatory project that duplicates the work of another agency, especially when there is no evidence the FTC has not been active in protecting consumer privacy," May said.

Internet providers made similar arguments before Wheeler's proposal came out. Consumer advocates argue that the FCC can take a stronger stance on privacy than the FTC has.

“We applaud the Chairman for taking a decisive step to protect consumers," attorney Meredith Rose of consumer advocacy group Public Knowledge said today. "That he has done so despite overwhelming industry opposition shows a deep commitment to the Commission’s role as a consumer protection agency. Laws enshrining the right of consumers to enjoy safe, secure communication date back to the very earliest days of the Postal Service; and, much as access to letter carriers was at that time—and access to the telephone network was a generation ago—access to broadband Internet today is an absolutely necessary conduit for participation in modern society."