[Congressional Bills 115th Congress]
[From the U.S. Government Publishing Office]
[S. 878 Introduced in Senate (IS)]
<DOC>
115th CONGRESS
1st Session
S. 878
To establish privacy protections for customers of broadband Internet
access service and other telecommunications services.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
April 6 (legislative day, April 4), 2017
Mr. Markey (for himself, Mr. Blumenthal, Ms. Warren, Mr. Sanders, Mr.
Merkley, Mr. Heinrich, Mr. Udall, Mr. Leahy, Ms. Baldwin, Mr. Van
Hollen, and Mr. Franken) introduced the following bill; which was read
twice and referred to the Committee on Commerce, Science, and
Transportation
_______________________________________________________________________
A BILL
To establish privacy protections for customers of broadband Internet
access service and other telecommunications services.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. PRIVACY OF CUSTOMERS OF BROADBAND INTERNET ACCESS SERVICE
AND OTHER TELECOMMUNICATIONS SERVICES.
(a) In General.--Section 222 of the Communications Act of 1934 (47
U.S.C. 222) is amended--
(1) by redesignating subsection (h) as subsection (i); and
(2) by inserting after subsection (g) the following:
``(h) Privacy of Customers of Broadband Internet Access Service and
Other Telecommunications Services.--
``(1) Definitions.--In this subsection--
``(A) the term `broadband Internet access service'
has the meaning given the term in section 8.2 of title
47, Code of Federal Regulations, or any successor
regulation;
``(B) the term `customer' means--
``(i) a current or former subscriber to a
telecommunications service; or
``(ii) an applicant for a
telecommunications service;
``(C) the term `customer proprietary information'
means, with respect to information or content that a
telecommunications carrier acquires in connection with
its provision of telecommunications service--
``(i) individually identifiable customer
proprietary network information;
``(ii) personally identifiable information;
and
``(iii) content of communications;
``(D) the term `opt-in approval' means a method for
a telecommunications carrier to obtain customer consent
to use, disclose, or permit access to the customer's
customer proprietary information that requires that the
telecommunications carrier obtain from the customer
affirmative, express consent allowing the requested
usage, disclosure, or access to the customer
proprietary information after the customer is provided
appropriate notification of the carrier's request;
``(E) the term `sensitive customer proprietary
information' includes--
``(i) financial information;
``(ii) health information;
``(iii) information pertaining to children;
``(iv) Social Security numbers;
``(v) precise geolocation information;
``(vi) content of communications;
``(vii) call detail information;
``(viii) web browsing history, application
usage history, and the functional equivalents
of either; and
``(ix) any other customary proprietary
information that the Commission determines to
be sensitive; and
``(F) the term `telecommunications service'
includes broadband Internet access service and
interconnected VoIP service.
``(2) Regulations.--In carrying out this section, the
Commission shall promulgate regulations to protect the privacy
of customers of telecommunications service.
``(3) Contents.--In promulgating regulations under
paragraph (2), the Commission shall--
``(A) require a telecommunications carrier to
notify a customer about the collection, use, and
sharing of his or her customer proprietary information,
including by--
``(i) notifying the customer about the
types of customer proprietary information the
carrier collects;
``(ii) specifying how and for what purposes
the carrier uses and shares customer
proprietary information; and
``(iii) identifying the types of entities
with which the carrier shares customer
proprietary information;
``(B) require a telecommunications carrier to--
``(i) provide the notification under
subparagraph (A) to a customer at the point of
sale, before the purchase of service; and
``(ii) update a customer when the carrier
makes a material change to a privacy policy,
including any of the policies described in
subparagraph (A);
``(C) require a telecommunications carrier to
obtain opt-in approval from a customer to use and share
his or her sensitive customer proprietary information;
``(D) implement strong protection for de-identified
customary proprietary information, to prevent re-
identifying such information;
``(E) prohibit a telecommunications carrier from
refusing to serve a customer who doesn't consent to the
use and sharing of his or her customer proprietary
information for commercial purposes (commonly known as
`take-it-or-leave-it offers'); and
``(F) require a telecommunications carrier to--
``(i) develop reasonable data security
practices; and
``(ii) notify customers if a breach of
security has occurred.''.
(b) Deadline.--The Federal Communications Commission--
(1) not later than 180 days after the date of enactment of
this Act, shall promulgate regulations under section 222(h)(2)
of the Communications Act of 1934 (47 U.S.C. 222(h)(2)), as
added by subsection (a); and
(2) shall ensure that the regulations promulgated under
paragraph (1) take effect not later than 180 days after the
date of promulgation.
<all>