(no title)

Paragraph 106 mandates that the information released should not be able to be de-identified, and third parties must be contractually obligated to not de-identify customers from the data.

Paragraph 117 says the clause must be transferable to third-parties all the way down the list, but a middle-man can hire a company in a different country to do the necessary work, outside the jurisdiction of the FCC.

Paragraph 115 says the ISP can share the IP address, and no other identifying data, and meet the requirements of de-identification. A clause to "revisit this topic later" is present. Damn right you better -- combined with other data sources from social media and search engines, I can trivially combine multiple data sources using the IP address and build a "personal profile" of your entire Internet usage, including those really unique "outlier" destinations.

Paragraph 143 says that no periodic reminder is required, so expect the "privacy notice" to be buried in a sea of required checkboxes at point-of-sale, and never seen again. There are provisions that it be available on a website and via other methods, etc., but "available" versus "easily found" are two different things.

Most of these rules will take effect in 12 months, not immediately. (The rule of preventing ISP services requiring you waive your privacy to provide service is 30 days (paragraph 295, § 64.2011), data security requirements in 90 days (§ 64.2005), and data breach notifications and requirements in 6 months (§ 64.2006).)