Broadband industry lobby groups urged the Federal Communications Commission on Thursday not to impose privacy rules that dictate "specific methods" of protecting customer data, since that would prevent "rapid innovation."

ISPs should have "flexibility" in how they protect customers' privacy and security, said the letter from the American Cable Association, Competitive Carriers Association, Consumer Technology Association, CTIA, the Internet Commerce Coalition, the National Cable & Telecommunications Association, and USTelecom. Together, these groups represent the biggest home Internet service providers and wireless carriers such as Comcast, AT&T, Verizon, Time Warner Cable, Charter, Sprint, T-Mobile, and many smaller ones.

"Rules dictating specific methods quickly become out of date and out of step with constantly changing technology, and will only hamper innovation and harm consumers," they wrote.

The debate stems from the FCC's decision to reclassify fixed and mobile broadband providers as common carriers under Title II of the Communications Act. The FCC has said it intends to enforce Section 222 of Title II, which requires telecommunications carriers to protect the confidentiality of customers' proprietary information. But since the commission's existing privacy rules apply to telephone service rather than broadband, the FCC has to draw up new rules for Internet service. The phone rules protect personal information such as the numbers customers call and when they call them.

Under Section 222, the FCC could impose some version of its Customer Proprietary Network Information (CPNI) rules on broadband providers. The ISPs' letter tried to discourage the FCC from doing so, noting that the commission's Title II decision is still undergoing judicial review. Broadband industry groups complained about potential new privacy rules in their lawsuit against the FCC's Title II reclassification, saying that CPNI rules could force them to create processes to ensure that customer data is not used in marketing without customer approval.

Although ISPs and wireless carriers already have to follow CPNI rules when they sell telephone service, they want more flexibility in broadband.

The lobby groups used some form of the word "innovate" 10 times in yesterday's letter. Specific privacy rules, they said, could "create consumer confusion and stifle innovation." Stronger privacy rules could also make it hard for ISPs to "innovate and compete" or to develop "innovative new business models" and "innovative products and services."

If the FCC does adopt Section 222 rules, it should make them similar to the Federal Trade Commission's privacy regulations, which "combine strong protections for consumers with flexibility that allows for rapid innovation," the letter said.

"Under the FTC regime, all companies in the Internet ecosystem must ensure that their privacy and data security practices are neither deceptive nor unfair," the lobby groups wrote. "As a result, consumers are protected and all companies that collect consumer data should be able to innovate and adapt to the inevitable changes in technology and the market for online services."

ISPs also have incentives to protect customer data because otherwise they might not "earn and maintain their customers' loyalty," the groups said.

ISPs are fighting against an effort led by consumer advocacy groups such as the American Civil Liberties Union, the Electronic Frontier Foundation, Free Press, and Public Knowledge. Those groups, plus a few dozen more, last month urged the FCC to make its privacy rules stronger than the FTC's.

Even FTC Commissioner Julie Brill has said she welcomes the FCC becoming a "brawnier cop on the privacy beat," the consumer advocacy groups noted in their letter.

The FCC's rules should "protect consumers from having their personal data collected and shared by their broadband provider without affirmative consent, or for purposes other than providing broadband Internet access service," the groups said. "The proposed rules should also provide for notice of data breaches, and hold broadband providers accountable for any failure to take suitable precautions to protect personal data collected from users. In addition, the rules should require broadband providers to clearly disclose their data collection practices to subscribers, and allow subscribers to ascertain to whom their data is disclosed."