The Federal Communications Commission today approved privacy regulations for broadband services. The rules require ISPs to obtain consumers’ consent for "sensitive" information, which includes web browsing history and app usage, but excludes IP and MAC addresses which are also used to track Internet users. (A document obtained by EPIC under the FOIA indicates that Google lobbied for this exception.) The rules establish data breach notification requirements but permit companies to charge users for privacy protection and permit arbitration when violations of privacy rights occur. EPIC had urged the FCC to establish comprehensive safeguards for consumer privacy, to ban pay-for-privacy schemes, and to prohibit mandatory arbitration. EPIC has frequently defended FCC privacy rules and currently has a petition pending before the FCC to end the mandatory retention of customer telephone records.