Federal Communications Commission FCC 16-148
71
categories of information as sensitive, as well.
488
Despite some commenters’ assertions to the contrary,
489
the FTC does not claim to define the outer bounds of sensitive information with this list.
490
For example,
in its 2009 Staff Report on online behavioral advertising and in its comments to this proceeding, the FTC
clearly indicated that its list was non-exhaustive.
491
Furthermore, Commission precedent and consumer
expectations demonstrate strong support for certain additional categories of sensitive information. For
instance, the Commission has also afforded enhanced protection to call detail information for voice
services.
492
Consumer research also supports identifying several types of information as sensitive: the
2016 Pew study, noted by a number of commenters in the record, found that large majorities of
Americans considered Social Security numbers, health information, communications content (including
phone conversations, email, and texts), physical locations over time, phone numbers called or texted, and
web history to be sensitive.
493
Each of these categories has a clear and well attested case in the record and
in federal law for being considered sensitive.
494
179. Consistent with the FTC and the record, we conclude that precise geo-location
information is sensitive customer PI.
495
Congress specifically amended Section 222 to protect the privacy
488
FTC Staff Comments at 19-20.
489
See, e.g., Letter from Michelle R. Rosenthal, Senior Corporate Counsel, T-Mobile, to Marlene H. Dortch,
Secretary, FCC, WC Docket No. 16-106, at 1-2 (filed Oct. 14, 2016) (T-Mobile Oct. 14, 2016 Ex Parte) (asking the
Commission to “consider narrowing the scope of sensitive CPNI to the five FTC categories”); Letter from James
J.R. Talbot, Executive Director – Senior Legal Counsel, AT&T, to Marlene H. Dortch, Secretary, FCC, WC Docket
No. 16-106, at 3 (filed Oct. 17, 2016) (AT&T Oct. 17, 2016 Ex Parte) (claiming that the FTC considers information
sensitive only if it is content or “falls within the traditional categories of sensitive data”); Advertisers Oct 10, 2016
Ex Parte at 3-4 (suggesting that FTC has “long held that ‘sensitive data’ encompasses a limited set of data types”);
Letter from Sydney M. White, Counsel to Internet Commerce Coalition, to Marlene H. Dortch, Secretary, FCC, WC
Docket No. 16-106, at 2 (filed Oct. 18, 2016) (ICC Oct. 18, 2016 Ex Parte).
490
FTC 2012 Privacy Report at 58-60 (observing general consensus that five categories were sensitive).
491
See FTC, Self-Regulatory Principles for Online Behavioral Advertising: Behavioral Advertising Tracking,
Targeting, & Technology (2009) 12 (setting out the principle that “companies should obtain affirmative express
consent before they use sensitive data—for example, data about children, health, or finances—for behavioral
advertising” (emphasis added)); FTC Staff Comments at 19-20 (supporting opt-in “for sensitive information that
could be collected by BIAS providers, including: (1) content of communications and (2) Social Security numbers or
health, financial, children’s or precise geolocation data” (emphasis added)).
492
See 2007 CPNI Order, 22 FCC Rcd at 6936, para. 13 (finding that “the release of call detail over the telephone
presents an immediate risk to privacy” and imposing restrictions on its release); id. at 6936, n.45 (explaining that
“‘call detail’ or ‘call records’ includes any information that pertain to the transmission of specific telephone calls
including, for outbound calls, the number called, and the time, location, or duration of any call and, for in inbound
calls, the number from which the call was placed, and the time, location, or duration of any call”; and finding that “a
narrower definition that included only inbound or outbound telephone numbers would make it too easy for
unauthorized persons with partial information to confirm and expand on that information”).
493
See Consumer Watchdog Comments at 2-3; Lee Rainie, The State of Privacy in post-Snowden America, Pew
Research Center (Sept. 21, 2016) at http://www.pewresearch.org/fact-tank/2016/01/20/the-state-of-privacy-in-
america/ft_16-01-20_ssnumbers-1/.
494
See CTIA Comments at 96-97; Comcast Comments at 18; ANA Comments at 12; Electronic Transactions
Association Comments at 13; Future of Privacy Forum Comments at 27; NCTA Comments at 44.
495
See Letter from Maria L. Kirby, AVP Regulatory Affairs & Assoc. General Counsel, CTIA, to Marlene H.
Dortch, Secretary, FCC, WC Docket No. 16-106, at 2 (filed Oct. 18, 2016); Letter from Michelle R. Rosenthal,
Senior Corporate Counsel, Government Affairs, Federal Regulatory, T-Mobile, to Marlene H. Dortch, Secretary,
FCC, WC Docket No. 16-106, at 1, n.1 (filed Oct. 19, 2016); see also, e.g., 2012 FTC Report at 58-60; FTC Staff
Comments at 19-20; CTIA Comments at 96-97; DMA Comments at 10-11; ANA Comments at 12; CCA Reply at
19-22; Verizon Reply at 21-22; Letter from Melissa Newman, Vice President-Federal Regulatory Affairs,
CenturyLink, to Marlene H. Dortch, Secretary, FCC, WC Docket No. 16-106, at 5 (filed Sept. 13, 2016); Letter from
(continued….)