[Congressional Bills 115th Congress] [From the U.S. Government Publishing Office] [S. 878 Introduced in Senate (IS)] <DOC> 115th CONGRESS 1st Session S. 878 To establish privacy protections for customers of broadband Internet access service and other telecommunications services. _______________________________________________________________________ IN THE SENATE OF THE UNITED STATES April 6 (legislative day, April 4), 2017 Mr. Markey (for himself, Mr. Blumenthal, Ms. Warren, Mr. Sanders, Mr. Merkley, Mr. Heinrich, Mr. Udall, Mr. Leahy, Ms. Baldwin, Mr. Van Hollen, and Mr. Franken) introduced the following bill; which was read twice and referred to the Committee on Commerce, Science, and Transportation _______________________________________________________________________ A BILL To establish privacy protections for customers of broadband Internet access service and other telecommunications services. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. PRIVACY OF CUSTOMERS OF BROADBAND INTERNET ACCESS SERVICE AND OTHER TELECOMMUNICATIONS SERVICES. (a) In General.--Section 222 of the Communications Act of 1934 (47 U.S.C. 222) is amended-- (1) by redesignating subsection (h) as subsection (i); and (2) by inserting after subsection (g) the following: ``(h) Privacy of Customers of Broadband Internet Access Service and Other Telecommunications Services.-- ``(1) Definitions.--In this subsection-- ``(A) the term `broadband Internet access service' has the meaning given the term in section 8.2 of title 47, Code of Federal Regulations, or any successor regulation; ``(B) the term `customer' means-- ``(i) a current or former subscriber to a telecommunications service; or ``(ii) an applicant for a telecommunications service; ``(C) the term `customer proprietary information' means, with respect to information or content that a telecommunications carrier acquires in connection with its provision of telecommunications service-- ``(i) individually identifiable customer proprietary network information; ``(ii) personally identifiable information; and ``(iii) content of communications; ``(D) the term `opt-in approval' means a method for a telecommunications carrier to obtain customer consent to use, disclose, or permit access to the customer's customer proprietary information that requires that the telecommunications carrier obtain from the customer affirmative, express consent allowing the requested usage, disclosure, or access to the customer proprietary information after the customer is provided appropriate notification of the carrier's request; ``(E) the term `sensitive customer proprietary information' includes-- ``(i) financial information; ``(ii) health information; ``(iii) information pertaining to children; ``(iv) Social Security numbers; ``(v) precise geolocation information; ``(vi) content of communications; ``(vii) call detail information; ``(viii) web browsing history, application usage history, and the functional equivalents of either; and ``(ix) any other customary proprietary information that the Commission determines to be sensitive; and ``(F) the term `telecommunications service' includes broadband Internet access service and interconnected VoIP service. ``(2) Regulations.--In carrying out this section, the Commission shall promulgate regulations to protect the privacy of customers of telecommunications service. ``(3) Contents.--In promulgating regulations under paragraph (2), the Commission shall-- ``(A) require a telecommunications carrier to notify a customer about the collection, use, and sharing of his or her customer proprietary information, including by-- ``(i) notifying the customer about the types of customer proprietary information the carrier collects; ``(ii) specifying how and for what purposes the carrier uses and shares customer proprietary information; and ``(iii) identifying the types of entities with which the carrier shares customer proprietary information; ``(B) require a telecommunications carrier to-- ``(i) provide the notification under subparagraph (A) to a customer at the point of sale, before the purchase of service; and ``(ii) update a customer when the carrier makes a material change to a privacy policy, including any of the policies described in subparagraph (A); ``(C) require a telecommunications carrier to obtain opt-in approval from a customer to use and share his or her sensitive customer proprietary information; ``(D) implement strong protection for de-identified customary proprietary information, to prevent re- identifying such information; ``(E) prohibit a telecommunications carrier from refusing to serve a customer who doesn't consent to the use and sharing of his or her customer proprietary information for commercial purposes (commonly known as `take-it-or-leave-it offers'); and ``(F) require a telecommunications carrier to-- ``(i) develop reasonable data security practices; and ``(ii) notify customers if a breach of security has occurred.''. (b) Deadline.--The Federal Communications Commission-- (1) not later than 180 days after the date of enactment of this Act, shall promulgate regulations under section 222(h)(2) of the Communications Act of 1934 (47 U.S.C. 222(h)(2)), as added by subsection (a); and (2) shall ensure that the regulations promulgated under paragraph (1) take effect not later than 180 days after the date of promulgation. <all>