I’ve previously reported on the FCC’s expanding privacy jurisdiction. In particular, Chairman Tom Wheeler has proposed new privacy rules that will apply to Internet Service Providers (ISPs). My prior concerns about these rules include the fact that they do not apply to the so-called “edge providers” (e.g., Google, Amazon, Facebook) and so the lauded privacy protections will not cover many of consumers’ online activities.

The prior proposed rules had been open for public comment; the newly revised proposal has been amended to incorporate some of the comments and concerns that had been raised. The latest version goes to the entire Federal Communications Commission (Commission) on October 27th for a vote.

The Commission will be voting on a revised proposal that will require ISPs to tell their customers about the ways in which their personal information will be collected, used and shared. Are these good end goals? Yes — and it’s precisely because these are worthwhile and important goals that the Commission should have prepared a set of rules that would have encompassed more of the online entities with which consumers interact.

However, the new proposal has a category of “sensitive” information for which consumers would have to give affirmative permission to the ISPs before the ISPs could use and share it. The list omits such personal information as a consumer’s name and email address — this is considered “non-sensitive” and an ISP could share it unless a consumer opts-out. Why is this bad? A consumer could consider his name and/or email address sufficiently sensitive that he would want to have control over whether it’s used and shared; opt-out puts the burden on the consumer so the default is that this information will be used and shared unless the consumer takes whatever steps will be needed.

The privacy of consumers personal information will still not be protected as completely or effectively as could have been done if Chairman Wheeler and the Commission had tackled the harder issue — the one of including many of the online entities with whom consumers interact more frequently. These other entities collect as much, perhaps even more, personal information as the ISPs and are subject to far less stringent rules than the FCC’s proposal for ISPs.