FEDERAL COMMUNICATIONS COMMISSION
WASHINGTON

OFFICE OF THE CHAIRMAN

May 25, 2016

The Honorable Richard Blumenthal
United States Senate
706 Hart Senate Office Building
Washington, DC 20510

Dear Senator Blumenthal:

Thank you for your letter supporting the Commission's work to adopt rules protecting the privacy of broadband customers' personal information. As you know, I share your appreciation for the extraordinary economic and social benefits brought about by the availability of Internet access and the proliferation of connected devices.

I also share your commitment to consumer privacy and your concern about the use and sharing of customer data by Internet service providers (ISPs), in light of the position they occupy as gatekeepers between their customers and the Internet. Once a consumer subscribes to an ISP, it is difficult to change providers or avoid that network. Further, an ISP handles all of a consumer's network traffic, allowing a broadband provider a broad view of all of its customer's unencrypted online activity and, even if data is encrypted, a broadband provider has the ability to piece together significant amounts of information about its customers based on their online activity.

As you correctly pointed out, Congress gave the Commission special responsibilities to safeguard consumer privacy in their use of communications networks. I am proud of the Commission's long history of steadfastly protecting consumers against misuse of their information by requiring that networks obtain their customers' approval before repurposing or reselling customer information. Protecting the privacy of Americans makes just as much sense in the world of broadband as it has for the past 20 years in the world of telephone calls, especially following the Commission's reclassification of broadband Internet access service (BIAS) in the 2015 Open Internet Order.

I am pleased to report that the broadband privacy Notice of Proposed Rulemaking (NPRM), adopted by the Commission in late March, sets forth a path forward towards final rules that will provide clear guidance to ISPs and their customers about how the privacy requirements of Section 222 apply to BIAS providers. When designing the NPRM, we considered your valuable input and that of ISPs, public interest groups, and other stakeholders. The Commission's proposal is built on the same principles that you highlighted in your letter - transparency, choice and security.

Under the Commission's proposal, consumers would have the right to exercise control over what personal data their broadband provider uses and under what circumstances it shares consumers' personal information with third parties or affiliated companies. Consumers would also know what information is being collected about them and how it is being used, with this information provided in an easily understandable and accessible manner. And, if a broadband provider is collecting and storing information about its customers, it will have a responsibility to make sure that information is secure as well as notify consumers about data breaches.

The NPRM proposes to allow ISPs to use and share customer data necessary to deliver broadband services, and for certain other purposes consistent with customer expectations, without additional consumer consent. Further, an ISP and its affiliates that offer communications-related services would be able to market other communications-related services to the ISP's customers unless a customer affirmatively opts out. However, under the proposed rules, other uses and sharing of consumer data would require the affirmative choice of a consumer to decide how his or her information should be used through affirmative "opt-in" consent from customers.

The NPRM also seeks comment on alternative mechanisms for safeguarding consumer choice, such as requiring opt-in approval for sensitive information. Additionally, similar to the suggestions in your letter, the Commission's proposal defines the information that would be protected under section 222 as customer proprietary information ("customer PI"). Included therein are "customer proprietary network information (CPNI)" as established by section 222(c); and personally identifiable information (PII) collected by the broadband providers through their provision of BIAS, as included within the proprietary information protected by section 222(a).

The proposal also seeks public comment on whether the Commission's existing complaint resolution process is sufficient to address customer complaints with respect to the collection, use, and disclosure of customer information covered by the proposed rules or if BIAS providers currently do or should provide other dispute resolution mechanisms.

Thank you again for reaching out to me with your perspectives. I have asked that your letter be added to the record of the rulemaking proceeding, so that it can be considered as part of the public record that informs the next steps in the Commission's broadband privacy rulemaking of the Commission. Please do not hesitate to contact me if I can be of further assistance.

Sincerely,

FEDERAL COMMUNICATIONS COMMISSION
WASHINGTON

OFFICE OF THE CHAIRMAN

May 25, 2016

The Honorable Cory Booker
United States Senate
359 Dirksen Senate Office Building
Washington, DC 20510

Dear Senator Booker:

Thank you for your letter supporting the Commission's work to adopt rules protecting the privacy of broadband customers' personal information. As you know, I share your appreciation for the extraordinary economic and social benefits brought about by the availability of Internet access and the proliferation of connected devices.

I also share your commitment to consumer privacy and your concern about the use and sharing of customer data by Internet service providers (ISPs), in light of the position they occupy as gatekeepers between their customers and the Internet. Once a consumer subscribes to an ISP, it is difficult to change providers or avoid that network. Further, an ISP handles all of a consumer's network traffic, allowing a broadband provider a broad view of all of its customer's unencrypted online activity and, even if data is encrypted, a broadband provider has the ability to piece together significant amounts of information about its customers based on their online activity.

As you correctly pointed out, Congress gave the Commission special responsibilities to safeguard consumer privacy in their use of communications networks. I am proud of the Commission's long history of steadfastly protecting consumers against misuse of their information by requiring that networks obtain their customers' approval before repurposing or reselling customer information. Protecting the privacy of Americans makes just as much sense in the world of broadband as it has for the past 20 years in the world of telephone calls, especially following the Commission's reclassification of broadband Internet access service (BIAS) in the 2015 Open Internet Order.

I am pleased to report that the broadband privacy Notice of Proposed Rulemaking (NPRM), adopted by the Commission in late March, sets forth a path forward towards final rules that will provide clear guidance to ISPs and their customers about how the privacy requirements of Section 222 apply to BIAS providers. When designing the NPRM, we considered your valuable input and that of ISPs, public interest groups, and other stakeholders. The Commission's proposal is built on the same principles that you highlighted in your letter - transparency, choice and security.

Under the Commission's proposal, consumers would have the right to exercise control over what personal data their broadband provider uses and under what circumstances it shares consumers' personal information with third parties or affiliated companies. Consumers would also know what information is being collected about them and how it is being used, with this information provided in an easily understandable and accessible manner. And, if a broadband provider is collecting and storing information about its customers, it will have a responsibility to make sure that information is secure as well as notify consumers about data breaches.

The NPRM proposes to allow ISPs to use and share customer data necessary to deliver broadband services, and for certain other purposes consistent with customer expectations, without additional consumer consent. Further, an ISP and its affiliates that offer communications-related services would be able to market other communications-related services to the ISP's customers unless a customer affirmatively opts out. However, under the proposed rules, other uses and sharing of consumer data would require the affirmative choice of a consumer to decide how his or her information should be used through affirmative "opt-in" consent from customers.

The NPRM also seeks comment on alternative mechanisms for safeguarding consumer choice, such as requiring opt-in approval for sensitive information. Additionally, similar to the suggestions in your letter, the Commission's proposal defines the information that would be protected under section 222 as customer proprietary information ("customer PI"). Included therein are "customer proprietary network information (CPNI)" as established by section 222(c); and personally identifiable information (PII) collected by the broadband providers through their provision of BIAS, as included within the proprietary information protected by section 222(a).

The proposal also seeks public comment on whether the Commission's existing complaint resolution process is sufficient to address customer complaints with respect to the collection, use, and disclosure of customer information covered by the proposed rules or if BIAS providers currently do or should provide other dispute resolution mechanisms.

Thank you again for reaching out to me with your perspectives. I have asked that your letter be added to the record of the rulemaking proceeding, so that it can be considered as part of the public record that informs the next steps in the Commission's broadband privacy rulemaking of the Commission. Please do not hesitate to contact me if I can be of further assistance.

Sincerely,

FEDERAL COMMUNICATIONS COMMISSION
WASHINGTON

OFFICE OF THE CHAIRMAN

May 25, 2016

The Honorable Al Franken
United States Senate
309 Hart Senate Office Building
Washington, DC 20510

Dear Senator Franken:

Thank you for your letter supporting the Commission's work to adopt rules protecting the privacy of broadband customers' personal information. As you know, I share your appreciation for the extraordinary economic and social benefits brought about by the availability of Internet access and the proliferation of connected devices.

I also share your commitment to consumer privacy and your concern about the use and sharing of customer data by Internet service providers (ISPs), in light of the position they occupy as gatekeepers between their customers and the Internet. Once a consumer subscribes to an ISP, it is difficult to change providers or avoid that network. Further, an ISP handles all of a consumer's network traffic, allowing a broadband provider a broad view of all of its customer's unencrypted online activity and, even if data is encrypted, a broadband provider has the ability to piece together significant amounts of information about its customers based on their online activity.

As you correctly pointed out, Congress gave the Commission special responsibilities to safeguard consumer privacy in their use of communications networks. I am proud of the Commission's long history of steadfastly protecting consumers against misuse of their information by requiring that networks obtain their customers' approval before repurposing or reselling customer information. Protecting the privacy of Americans makes just as much sense in the world of broadband as it has for the past 20 years in the world of telephone calls, especially following the Commission's reclassification of broadband Internet access service (BIAS) in the 2015 Open Internet Order.

I am pleased to report that the broadband privacy Notice of Proposed Rulemaking (NPRM), adopted by the Commission in late March, sets forth a path forward towards final rules that will provide clear guidance to ISPs and their customers about how the privacy requirements of Section 222 apply to BIAS providers. When designing the NPRM, we considered your valuable input and that of ISPs, public interest groups, and other stakeholders. The Commission's proposal is built on the same principles that you highlighted in your letter - transparency, choice and security.

Under the Commission's proposal, consumers would have the right to exercise control over what personal data their broadband provider uses and under what circumstances it shares consumers' personal information with third parties or affiliated companies. Consumers would also know what information is being collected about them and how it is being used, with this information provided in an easily understandable and accessible manner. And, if a broadband provider is collecting and storing information about its customers, it will have a responsibility to make sure that information is secure as well as notify consumers about data breaches.

The NPRM proposes to allow ISPs to use and share customer data necessary to deliver broadband services, and for certain other purposes consistent with customer expectations, without additional consumer consent. Further, an ISP and its affiliates that offer communications-related services would be able to market other communications-related services to the ISP's customers unless a customer affirmatively opts out. However, under the proposed rules, other uses and sharing of consumer data would require the affirmative choice of a consumer to decide how his or her information should be used through affirmative "opt-in" consent from customers.

The NPRM also seeks comment on alternative mechanisms for safeguarding consumer choice, such as requiring opt-in approval for sensitive information. Additionally, similar to the suggestions in your letter, the Commission's proposal defines the information that would be protected under section 222 as customer proprietary information ("customer PI"). Included therein are "customer proprietary network information (CPNI)" as established by section 222(c); and personally identifiable information (PII) collected by the broadband providers through their provision of BIAS, as included within the proprietary information protected by section 222(a).

The proposal also seeks public comment on whether the Commission's existing complaint resolution process is sufficient to address customer complaints with respect to the collection, use, and disclosure of customer information covered by the proposed rules or if BIAS providers currently do or should provide other dispute resolution mechanisms.

Thank you again for reaching out to me with your perspectives. I have asked that your letter be added to the record of the rulemaking proceeding, so that it can be considered as part of the public record that informs the next steps in the Commission's broadband privacy rulemaking of the Commission.
Please do not hesitate to contact me if I can be of further assistance.

FEDERAL COMMUNICATIONS COMMISSION
WASHINGTON

OFFICE OF THE CHAIRMAN

May 25, 2016

The Honorable Patrick J. Leahy
United States Senate
437 Russell Senate Office Building
Washington, DC 20510

Dear Senator Leahy:

Thank you for your letter supporting the Commission's work to adopt rules protecting the privacy of broadband customers' personal information. As you know, I share your appreciation for the extraordinary economic and social benefits brought about by the availability of Internet access and the proliferation of connected devices.

I also share your commitment to consumer privacy and your concern about the use and sharing of customer data by Internet service providers (ISPs), in light of the position they occupy as gatekeepers between their customers and the Internet. Once a consumer subscribes to an ISP, it is difficult to change providers or avoid that network. Further, an ISP handles all of a consumer's network traffic, allowing a broadband provider a broad view of all of its customer's unencrypted online activity and, even if data is encrypted, a broadband provider has the ability to piece together significant amounts of information about its customers based on their online activity.

As you correctly pointed out, Congress gave the Commission special responsibilities to safeguard consumer privacy in their use of communications networks. I am proud of the Commission's long history of steadfastly protecting consumers against misuse of their information by requiring that networks obtain their customers' approval before repurposing or reselling customer information. Protecting the privacy of Americans makes just as much sense in the world of broadband as it has for the past 20 years in the world of telephone calls, especially following the Commission's reclassification of broadband Internet access service (BIAS) in the 2015 Open Internet Order.

I am pleased to report that the broadband privacy Notice of Proposed Rulemaking (NPRM), adopted by the Commission in late March, sets forth a path forward towards final rules that will provide clear guidance to ISPs and their customers about how the privacy requirements of Section 222 apply to BIAS providers. When designing the NPRM, we considered your valuable input and that of ISPs, public interest groups, and other stakeholders. The Commission's proposal is built on the same principles that you highlighted in your letter - transparency, choice and security.

Under the Commission's proposal, consumers would have the right to exercise control over what personal data their broadband provider uses and under what circumstances it shares consumers' personal information with third parties or affiliated companies. Consumers would also know what information is being collected about them and how it is being used, with this information provided in an easily understandable and accessible manner. And, if a broadband provider is collecting and storing information about its customers, it will have a responsibility to make sure that information is secure as well as notify consumers about data breaches.

The NPRM proposes to allow ISPs to use and share customer data necessary to deliver broadband services, and for certain other purposes consistent with customer expectations, without additional consumer consent. Further, an ISP and its affiliates that offer communications-related services would be able to market other communications-related services to the ISP's customers unless a customer affirmatively opts out. However, under the proposed rules, other uses and sharing of consumer data would require the affirmative choice of a consumer to decide how his or her information should be used through affirmative "opt-in" consent from customers.

The NPRM also seeks comment on alternative mechanisms for safeguarding consumer choice, such as requiring opt-in approval for sensitive information. Additionally, similar to the suggestions in your letter, the Commission's proposal defines the information that would be protected under section 222 as customer proprietary information ("customer PI"). Included therein are "customer proprietary network information (CPNI)" as established by section 222(c); and personally identifiable information (PII) collected by the broadband providers through their provision of BIAS, as included within the proprietary information protected by section 222(a).

The proposal also seeks public comment on whether the Commission's existing complaint resolution process is sufficient to address customer complaints with respect to the collection, use, and disclosure of customer information covered by the proposed rules or if BIAS providers currently do or should provide other dispute resolution mechanisms.

Thank you again for reaching out to me with your perspectives. I have asked that your letter be added to the record of the rulemaking proceeding, so that it can be considered as part of the public record that informs the next steps in the Commission's broadband privacy rulemaking of the Commission. Please do not hesitate to contact me if I can be of further assistance.

FEDERAL COMMUNICATIONS COMMISSION
WASHINGTON

OFFICE OF THE CHAIRMAN

May 25, 2016

The Honorable Edward J. Markey
United States Senate
255 Dirksen Senate Office Building
Washington, DC 20510

Dear Senator Markey:

Thank you for your letter supporting the Commission's work to adopt rules protecting the privacy of broadband customers' personal information. As you know, I share your appreciation for the extraordinary economic and social benefits brought about by the availability of Internet access and the proliferation of connected devices.

I also share your commitment to consumer privacy and your concern about the use and sharing of customer data by Internet service providers (ISPs), in light of the position they occupy as gatekeepers between their customers and the Internet. Once a consumer subscribes to an ISP, it is difficult to change providers or avoid that network. Further, an ISP handles all of a consumer's network traffic, allowing a broadband provider a broad view of all of its customer's unencrypted online activity and, even if data is encrypted, a broadband provider has the ability to piece together significant amounts of information about its customers based on their online activity.

As you correctly pointed out, Congress gave the Commission special responsibilities to safeguard consumer privacy in their use of communications networks. I am proud of the Commission's long history of steadfastly protecting consumers against misuse of their information by requiring that networks obtain their customers' approval before repurposing or reselling customer information. Protecting the privacy of Americans makes just as much sense in the world of broadband as it has for the past 20 years in the world of telephone calls, especially following the Commission's reclassification of broadband Internet access service (BIAS) in the 2015 Open Internet Order.

I am pleased to report that the broadband privacy Notice of Proposed Rulemaking (NPRM), adopted by the Commission in late March, sets forth a path forward towards final rules that will provide clear guidance to ISPs and their customers about how the privacy requirements of Section 222 apply to BIAS providers. When designing the NPRM, we considered your valuable input and that of ISPs, public interest groups, and other stakeholders. The Commission's proposal is built on the same principles that you highlighted in your letter - transparency, choice and security.

Under the Commission's proposal, consumers would have the right to exercise control over what personal data their broadband provider uses and under what circumstances it shares consumers' personal information with third parties or affiliated companies. Consumers would also know what information is being collected about them and how it is being used, with this information provided in an easily understandable and accessible manner. And, if a broadband provider is collecting and storing information about its customers, it will have a responsibility to make sure that information is secure as well as notify consumers about data breaches.

The NPRM proposes to allow ISPs to use and share customer data necessary to deliver broadband services, and for certain other purposes consistent with customer expectations, without additional consumer consent. Further, an ISP and its affiliates that offer communications-related services would be able to market other communications-related services to the ISP's customers unless a customer affirmatively opts out. However, under the proposed rules, other uses and sharing of consumer data would require the affirmative choice of a consumer to decide how his or her information should be used through affirmative "opt-in" consent from customers.

The NPRM also seeks comment on alternative mechanisms for safeguarding consumer choice, such as requiring opt-in approval for sensitive information. Additionally, similar to the suggestions in your letter, the Commission's proposal defines the information that would be protected under section 222 as customer proprietary information ("customer PI"). Included therein are "customer proprietary network information (CPNI)" as established by section 222(c); and personally identifiable information (PII) collected by the broadband providers through their provision of BIAS, as included within the proprietary information protected by section 222(a).

The proposal also seeks public comment on whether the Commission's existing complaint resolution process is sufficient to address customer complaints with respect to the collection, use, and disclosure of customer information covered by the proposed rules or if BIAS providers currently do or should provide other dispute resolution mechanisms.

Thank you again for reaching out to me with your perspectives. I have asked that your letter be added to the record of the rulemaking proceeding, so that it can be considered as part of the public record that informs the next steps in the Commission's broadband privacy rulemaking of the Commission. Please do not hesitate to contact me if I can be of further assistance.

Sincerely,

FEDERAL COMMUNICATIONS COMMISSION
WASHINGTON

OFFICE OF THE CHAIRMAN

May 25, 2016

The Honorable Jeff Merkley
United States Senate
313 Hart Senate Office Building
Washington, DC 20510

Dear Senator Merkley:

Thank you for your letter supporting the Commission's work to adopt rules protecting the privacy of broadband customers' personal information. As you know, I share your appreciation for the extraordinary economic and social benefits brought about by the availability of Internet access and the proliferation of connected devices.

I also share your commitment to consumer privacy and your concern about the use and sharing of customer data by Internet service providers (ISPs), in light of the position they occupy as gatekeepers between their customers and the Internet. Once a consumer subscribes to an ISP, it is difficult to change providers or avoid that network. Further, an ISP handles all of a consumer's network traffic, allowing a broadband provider a broad view of all of its customer's unencrypted online activity and, even if data is encrypted, a broadband provider has the ability to piece together significant amounts of information about its customers based on their online activity.

As you correctly pointed out, Congress gave the Commission special responsibilities to safeguard consumer privacy in their use of communications networks. I am proud of the Commission's long history of steadfastly protecting consumers against misuse of their information by requiring that networks obtain their customers' approval before repurposing or reselling customer information. Protecting the privacy of Americans makes just as much sense in the world of broadband as it has for the past 20 years in the world of telephone calls, especially following the Commission's reclassification of broadband Internet access service (BIAS) in the 2015 Open Internet Order.

I am pleased to report that the broadband privacy Notice of Proposed Rulemaking (NPRM), adopted by the Commission in late March, sets forth a path forward towards final rules that will provide clear guidance to ISPs and their customers about how the privacy requirements of Section 222 apply to BIAS providers. When designing the NPRM, we considered your valuable input and that of ISPs, public interest groups, and other stakeholders. The Commission's proposal is built on the same principles that you highlighted in your letter - transparency, choice and security.

Under the Commission's proposal, consumers would have the right to exercise control over what personal data their broadband provider uses and under what circumstances it shares consumers' personal information with third parties or affiliated companies. Consumers would also know what information is being collected about them and how it is being used, with this information provided in an easily understandable and accessible manner. And, if a broadband provider is collecting and storing information about its customers, it will have a responsibility to make sure that information is secure as well as notify consumers about data breaches.

The NPRM proposes to allow ISPs to use and share customer data necessary to deliver broadband services, and for certain other purposes consistent with customer expectations, without additional consumer consent. Further, an ISP and its affiliates that offer communications-related services would be able to market other communications-related services to the ISP's customers unless a customer affirmatively opts out. However, under the proposed rules, other uses and sharing of consumer data would require the affirmative choice of a consumer to decide how his or her information should be used through affirmative "opt-in" consent from customers.

The NPRM also seeks comment on alternative mechanisms for safeguarding consumer choice, such as requiring opt-in approval for sensitive information. Additionally, similar to the suggestions in your letter, the Commission's proposal defines the information that would be protected under section 222 as customer proprietary information ("customer PI"). Included therein are "customer proprietary network information (CPNI)" as established by section 222(c); and personally identifiable information (PII) collected by the broadband providers through their provision of BIAS, as included within the proprietary information protected by section 222(a).

The proposal also seeks public comment on whether the Commission's existing complaint resolution process is sufficient to address customer complaints with respect to the collection, use, and disclosure of customer information covered by the proposed rules or if BIAS providers currently do or should provide other dispute resolution mechanisms.

Thank you again for reaching out to me with your perspectives. I have asked that your letter be added to the record of the rulemaking proceeding, so that it can be considered as part of the public record that informs the next steps in the Commission's broadband privacy rulemaking of the Commission.
Please do not hesitate to contact me if I can be of further assistance.

Sincerely,

FEDERAL COMMUNICATIONS COMMISSION
WASHINGTON

OFFICE OF THE CHAIRMAN

May 25, 2016

The Honorable Bernard Sanders
United States Senate
332 Dirksen Senate Office Building
Washington, DC 20510

Dear Senator Sanders:

Thank you for your letter supporting the Commission's work to adopt rules protecting the privacy of broadband customers' personal information. As you know, I share your appreciation for the extraordinary economic and social benefits brought about by the availability of Internet access and the proliferation of connected devices.

I also share your commitment to consumer privacy and your concern about the use and sharing of customer data by Internet service providers (ISPs), in light of the position they occupy as gatekeepers between their customers and the Internet. Once a consumer subscribes to an ISP, it is difficult to change providers or avoid that network. Further, an ISP handles all of a consumer's network traffic, allowing a broadband provider a broad view of all of its customer's unencrypted online activity and, even if data is encrypted, a broadband provider has the ability to piece together significant amounts of information about its customers based on their online activity.

As you correctly pointed out, Congress gave the Commission special responsibilities to safeguard consumer privacy in their use of communications networks. I am proud of the Commission's long history of steadfastly protecting consumers against misuse of their information by requiring that networks obtain their customers' approval before repurposing or reselling customer information. Protecting the privacy of Americans makes just as much sense in the world of broadband as it has for the past 20 years in the world of telephone calls, especially following the Commission's reclassification of broadband Internet access service (BIAS) in the 2015 Open Internet Order.
I am pleased to report that the broadband privacy Notice of Proposed Rulemaking (NPRM), adopted by the Commission in late March, sets forth a path forward towards final rules that will provide clear guidance to ISPs and their customers about how the privacy requirements of Section 222 apply to BIAS providers. When designing the NPRM, we considered your valuable input and that of ISPs, public interest groups, and other stakeholders. The Commission's proposal is built on the same principles that you highlighted in your letter - transparency, choice and security. Under the Commission's proposal, consumers would have the right to exercise control over what personal data their broadband provider uses and under what circumstances it shares consumers' personal information with third parties or affiliated companies. Consumers would also know what information is being collected about them and how it is being used, with this information provided in an easily understandable and accessible manner. And, if a broadband provider is collecting and storing information about its customers, it will have a responsibility to make sure that information is secure as well as notify consumers about data breaches. The NPRM proposes to allow ISPs to use and share customer data necessary to deliver broadband services, and for certain other purposes consistent with customer expectations, without additional consumer consent. Further, an ISP and its affiliates that offer communications-related services would be able to market other communications-related services to the ISP's customers unless a customer affirmatively opts out. However, under the proposed rules, other uses and sharing of consumer data would require the affirmative choice of a consumer to decide how his or her information should be used through affirmative "opt-in" consent from customers.
The NPRM also seeks comment on alternative mechanisms for safeguarding consumer choice, such as requiring opt-in approval for sensitive information. Additionally, similar to the suggestions in your letter, the Commission's proposal defines the information that would be protected under section 222 as customer proprietary information ("customer PI"). Included therein are "customer proprietary network information (CPNI)" as established by section 222(c); and personally identifiable information (PII) collected by the broadband providers through their provision of BIAS, as included within the proprietary information protected by section 222(a). The proposal also seeks public comment on whether the Commission's existing complaint resolution process is sufficient to address customer complaints with respect to the collection, use, and disclosure of customer information covered by the proposed rules or if BIAS providers currently do or should provide other dispute resolution mechanisms. Thank you again for reaching out to me with your perspectives. I have asked that your letter be added to the record of the rulemaking proceeding, so that it can be considered as part of the public record that informs the next steps in the Commission's broadband privacy rulemaking of the Commission. Please do not hesitate to contact me if I can be of further assistance.

Sincerely,

FEDERAL COMMUNICATIONS COMMISSION
WASHINGTON

OFFICE OF THE CHAIRMAN

May 25, 2016

The Honorable Elizabeth Warren
United States Senate
317 Hart Senate Office Building
Washington, DC 20510

Dear Senator Warren:

Thank you for your letter supporting the Commission's work to adopt rules protecting the privacy of broadband customers' personal information. As you know, I share your appreciation for the extraordinary economic and social benefits brought about by the availability of Internet access and the proliferation of connected devices.
I also share your commitment to consumer privacy and your concern about the use and sharing of customer data by Internet service providers (ISPs), in light of the position they occupy as gatekeepers between their customers and the Internet. Once a consumer subscribes to an ISP, it is difficult to change providers or avoid that network. Further, an ISP handles all of a consumer's network traffic, allowing a broadband provider a broad view of all of its customer's unencrypted online activity and, even if data is encrypted, a broadband provider has the ability to piece together significant amounts of information about its customers based on their online activity. As you correctly pointed out, Congress gave the Commission special responsibilities to safeguard consumer privacy in their use of communications networks. I am proud of the Commission's long history of steadfastly protecting consumers against misuse of their information by requiring that networks obtain their customers' approval before repurposing or reselling customer information. Protecting the privacy of Americans makes just as much sense in the world of broadband as it has for the past 20 years in the world of telephone calls, especially following the Commission's reclassification of broadband Internet access service (BIAS) in the 2015 Open Internet Order. I am pleased to report that the broadband privacy Notice of Proposed Rulemaking (NPRM), adopted by the Commission in late March, sets forth a path forward towards final rules that will provide clear guidance to ISPs and their customers about how the privacy requirements of Section 222 apply to BIAS providers. When designing the NPRM, we considered your valuable input and that of ISPs, public interest groups, and other stakeholders. The Commission's proposal is built on the same principles that you highlighted in your letter - transparency, choice and security.
Under the Commission's proposal, consumers would have the right to exercise control over what personal data their broadband provider uses and under what circumstances it shares consumers' personal information with third parties or affiliated companies. Consumers would also know what information is being collected about them and how it is being used, with this information provided in an easily understandable and accessible manner. And, if a broadband provider is collecting and storing information about its customers, it will have a responsibility to make sure that information is secure as well as notify consumers about data breaches. The NPRM proposes to allow ISPs to use and share customer data necessary to deliver broadband services, and for certain other purposes consistent with customer expectations, without additional consumer consent. Further, an ISP and its affiliates that offer communications-related services would be able to market other communications-related services to the ISP's customers unless a customer affirmatively opts out. However, under the proposed rules, other uses and sharing of consumer data would require the affirmative choice of a consumer to decide how his or her information should be used through affirmative "opt-in" consent from customers. The NPRM also seeks comment on alternative mechanisms for safeguarding consumer choice, such as requiring opt-in approval for sensitive information. Additionally, similar to the suggestions in your letter, the Commission's proposal defines the information that would be protected under section 222 as customer proprietary information ("customer PI"). Included therein are "customer proprietary network information (CPNI)" as established by section 222(c); and personally identifiable information (PII) collected by the broadband providers through their provision of BIAS, as included within the proprietary information protected by section 222(a).
The proposal also seeks public comment on whether the Commission's existing complaint resolution process is sufficient to address customer complaints with respect to the collection, use, and disclosure of customer information covered by the proposed rules or if BIAS providers currently do or should provide other dispute resolution mechanisms. Thank you again for reaching out to me with your perspectives. I have asked that your letter be added to the record of the rulemaking proceeding, so that it can be considered as part of the public record that informs the next steps in the Commission's broadband privacy rulemaking of the Commission. Please do not hesitate to contact me if I can be of further assistance.

Sincerely,

FEDERAL COMMUNICATIONS COMMISSION
WASHINGTON

OFFICE OF THE CHAIRMAN

May 25, 2016

The Honorable Ron Wyden
United States Senate
221 Dirksen Senate Office Building
Washington, DC 20510

Dear Senator Wyden:

Thank you for your letter supporting the Commission's work to adopt rules protecting the privacy of broadband customers' personal information. As you know, I share your appreciation for the extraordinary economic and social benefits brought about by the availability of Internet access and the proliferation of connected devices. I also share your commitment to consumer privacy and your concern about the use and sharing of customer data by Internet service providers (ISPs), in light of the position they occupy as gatekeepers between their customers and the Internet. Once a consumer subscribes to an ISP, it is difficult to change providers or avoid that network. Further, an ISP handles all of a consumer's network traffic, allowing a broadband provider a broad view of all of its customer's unencrypted online activity and, even if data is encrypted, a broadband provider has the ability to piece together significant amounts of information about its customers based on their online activity.
As you correctly pointed out, Congress gave the Commission special responsibilities to safeguard consumer privacy in their use of communications networks. I am proud of the Commission's long history of steadfastly protecting consumers against misuse of their information by requiring that networks obtain their customers' approval before repurposing or reselling customer information. Protecting the privacy of Americans makes just as much sense in the world of broadband as it has for the past 20 years in the world of telephone calls, especially following the Commission's reclassification of broadband Internet access service (BIAS) in the 2015 Open Internet Order. I am pleased to report that the broadband privacy Notice of Proposed Rulemaking (NPRM), adopted by the Commission in late March, sets forth a path forward towards final rules that will provide clear guidance to ISPs and their customers about how the privacy requirements of Section 222 apply to BIAS providers. When designing the NPRM, we considered your valuable input and that of ISPs, public interest groups, and other stakeholders. The Commission's proposal is built on the same principles that you highlighted in your letter - transparency, choice and security. Under the Commission's proposal, consumers would have the right to exercise control over what personal data their broadband provider uses and under what circumstances it shares consumers' personal information with third parties or affiliated companies. Consumers would also know what information is being collected about them and how it is being used, with this information provided in an easily understandable and accessible manner. And, if a broadband provider is collecting and storing information about its customers, it will have a responsibility to make sure that information is secure as well as notify consumers about data breaches.
The NPRM proposes to allow ISPs to use and share customer data necessary to deliver broadband services, and for certain other purposes consistent with customer expectations, without additional consumer consent. Further, an ISP and its affiliates that offer communications-related services would be able to market other communications-related services to the ISP's customers unless a customer affirmatively opts out. However, under the proposed rules, other uses and sharing of consumer data would require the affirmative choice of a consumer to decide how his or her information should be used through affirmative "opt-in" consent from customers. The NPRM also seeks comment on alternative mechanisms for safeguarding consumer choice, such as requiring opt-in approval for sensitive information. Additionally, similar to the suggestions in your letter, the Commission's proposal defines the information that would be protected under section 222 as customer proprietary information ("customer PI"). Included therein are "customer proprietary network information (CPNI)" as established by section 222(c); and personally identifiable information (PII) collected by the broadband providers through their provision of BIAS, as included within the proprietary information protected by section 222(a). The proposal also seeks public comment on whether the Commission's existing complaint resolution process is sufficient to address customer complaints with respect to the collection, use, and disclosure of customer information covered by the proposed rules or if BIAS providers currently do or should provide other dispute resolution mechanisms. Thank you again for reaching out to me with your perspectives. I have asked that your letter be added to the record of the rulemaking proceeding, so that it can be considered as part of the public record that informs the next steps in the Commission's broadband privacy rulemaking of the Commission.
Please do not hesitate to contact me if I can be of further assistance.

Sincerely,