Hardly anyone was pleased by the rollback of the broadband privacy rule last month, opening up the possibility of ISPs collecting and selling your browsing data — including, as it turns out, cities whose citizens were left out in the cold. Seattle wasted no time taking matters into their own hands, and the result is a local rule that provides a few of the repealed one’s critical protections.
The FCC’s broadband privacy rule would have boosted requirements for transparency and security practices — and more importantly would have added browsing history to the list of “customer proprietary information” and required ISPs to get advance permission from consumers to track and sell it.
Of course, it was never allowed to take effect. Seattle’s response was swift; I talked with the city’s CTO, Michael Mattmiller, about what happened next.
“When the president and Congress repealed the rule, the mayor directed us to look for authority the city already had to restore — or perhaps not restore, but make a rule like it,” he said.
The city found its authority in the municipal code governing cable franchises; the rules on the books are mostly about TV service, but setting “privacy standards for subscribers of cable service and other services provided over the cable system” seems well within the mandate.
The new rule was added yesterday; it requires cable internet providers to obtain opt-in consent before using web browsing history or other internet usage data for its own purposes.
Internet providers have occasionally protested that they don’t do that kind of thing anyway.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
“We say that’s great, but we still think there should be a rule. Trust, but verify — that’s our mantra,” Mattmiller said. “ISPs don’t want to be treated different from Google, Facebook, Amazon and other tech companies. But we believe that a consumer’s relationship with their ISP is fundamentally different from other services or websites.”
In addition to getting opt-ins from consumers, ISPs would have to provide their privacy statement to city authorities for inspection yearly, and if they do any aggregating and anonymizing of data, provide their methods and reasons for doing so.
The rule affects Comcast, CenturyLink and local ISP Wave; these three account for a large majority of broadband subscribers in the city. ISPs that do wireless or satellite connections technically aren’t bound by the cable rules, so they’re unaffected for now — unless, Mattmiller joked, they volunteer to submit themselves to the new regulation.
May 24 is the deadline for compliance with the rules, so if you’re in Seattle (like me), one of two things will happen. You might receive an update from your internet provider asking you to opt into their data collection scheme. But you also might not, which either indicates that the ISP doesn’t have a scheme like that, or decided to shut it down before the 24th. Sounds good to me either way.
