Cable Communications Privacy — Subscriber Data Protection
Section 551 of the Cable Communications Policy Act (47 U.S.C. § 551), enacted in 1984 and amended in 1992, establishes comprehensive privacy protections for cable television subscribers — one of several sector-specific statutes in the broader federal data privacy framework — restricting when cable operators can collect, use, and disclose personally identifiable information (PII) about their subscribers. At a time when cable systems were emerging as powerful data collectors (knowing what channels you watched, when, and for how long), Congress built privacy protections directly into the Cable Act rather than relying on general consumer protection law. Cable operators must give subscribers written notice at sign-up (and annually thereafter) describing what information they collect, how they use it, and how long they keep it. They may collect PII only as necessary for service delivery or to detect unauthorized use. They may not disclose PII without prior written or electronic consent of the subscriber — except for legitimate business purposes related to cable service. Subscribers have the right to access and correct their data, and can bring a civil action for violations with minimum damages of $1,000 per violation, plus punitive damages and attorney fees. The cable privacy provisions are one of the strongest sector-specific privacy laws in the U.S. — providing protections that general consumer privacy law still does not match.
Current Law (2026)
| Parameter | Value |
|---|---|
| Governing law | 47 U.S.C. § 551 (Cable Communications Policy Act, 1984; amended 1992) |
| Covered entities | Cable operators and their affiliates |
| Notice requirement | Written notice at signup and annually — must describe collection, use, retention, and disclosure practices |
| Collection limitation | May only collect PII necessary for service or detecting unauthorized use |
| Disclosure restriction | No disclosure without prior written/electronic consent (with limited exceptions) |
| Government access | Government must obtain court order; subscriber must receive notice and opportunity to contest |
| Subscriber access rights | Right to view and correct personal data held by cable operator |
| Data destruction | Must destroy PII when no longer necessary for the purpose collected |
| Civil action | $1,000 minimum per violation, plus punitive damages, attorney fees, and actual damages |
| Statute of limitations | 2 years |
Legal Authority
- 47 U.S.C. § 551(a) — Notice requirements (cable operator must provide written notice to subscribers at signup and annually, describing: the nature of PII collected, the use made of such information, the period of retention, and the procedures for accessing and correcting information)
- 47 U.S.C. § 551(b) — Collection limitation (cable operator may not collect PII without consent, except as necessary to render cable service or detect unauthorized use)
- 47 U.S.C. § 551(c) — Disclosure limitation (cable operator may not disclose PII without prior written or electronic consent; exceptions for rendering service, conducting legitimate business activities, and responding to court orders)
- 47 U.S.C. § 551(d) — Subscriber access (subscribers must be able to examine all PII the operator has collected about them and correct any errors)
- 47 U.S.C. § 551(e) — Destruction of information (cable operators must destroy PII when it is no longer necessary for the purpose for which it was collected)
- 47 U.S.C. § 551(f) — Civil action (any person aggrieved may bring a civil action in federal district court; entitled to actual damages of not less than $1,000, punitive damages, reasonable attorney fees, and other litigation costs)
- 47 U.S.C. § 551(h) — Government access (a government entity may obtain PII only pursuant to a court order, and only after the subscriber has been given notice and an opportunity to contest the order)
How It Works
Cable privacy law operates on a notice-and-consent model that was ahead of its time in 1984. At signup, your cable provider must give you a separate, written statement clearly explaining what personal data they collect, why they collect it, how long they keep it, who they share it with, and how you can see and correct it — and must update it annually. No disclosure of your viewing habits or personal information happens without your prior written or electronic consent; the default is privacy, not disclosure. Collection itself is limited to PII necessary for rendering cable service (billing, providing channels, troubleshooting) or detecting theft of service — operators may not collect data for marketing, profiling, or third-party sale without your consent. This "purpose limitation" principle now central to GDPR was built into cable law four decades ago.
Government access to your cable records requires a court order, not just a subpoena — and you must receive notice and an opportunity to contest the request before your data is handed over. This is stronger than most other federal privacy statutes, which allow government access through administrative subpoenas without prior notice. Cable operators also carry an affirmative data destruction obligation: PII must be destroyed when it is no longer necessary for the purpose it was collected, whether that was billing, service delivery, or any other permitted use.
How It Affects You
<!-- pria:personalize type="eligibility" -->If you're a cable or internet subscriber through a cable company: Section 551 gives you a set of rights that are stronger than what most internet users have — but you need to know what they cover and how to exercise them.
What your cable company collects: Under § 551, your cable provider may only collect personally identifiable information that's necessary to provide service or detect unauthorized use. In practice, this means billing information, account details, and service usage data (what channels your service is authorized to deliver, technical information needed for troubleshooting). Your cable company is not permitted to collect data about your viewing habits for marketing or third-party sale without your explicit written or electronic consent.
Your right to see your data: You have an express statutory right under § 551(d) to examine all personally identifiable information the cable operator holds about you and to correct errors. To exercise this right, contact your cable provider's privacy or customer service department in writing and request a copy of all PII they maintain on you. They must make this available. If they don't comply, you can enforce the right through a civil lawsuit.
Your right to object to government access: If a government agency requests your cable subscriber records, the cable operator must obtain a court order before disclosing them — and must give you prior notice and an opportunity to contest the order in court under § 551(h). This is materially stronger protection than what applies to most digital records. If you receive notice that a government entity is seeking your cable records, act quickly — the opportunity to contest is time-limited.
If you believe your rights were violated — suing your cable company: Under § 551(f), any aggrieved subscriber may file a civil action in federal district court. The statute provides: (1) actual damages, but not less than $1,000 per violation (regardless of actual harm — this liquidated damages floor is important); (2) punitive damages if the violation was willful and knowing; (3) reasonable attorney fees and litigation costs — meaning attorneys can bring these cases on contingency because the fee-shifting reduces financial risk. The statute of limitations is 2 years from when you knew or should have known of the violation. Given that violation disclosures are often hidden in data breach notifications, consent form updates, or only discovered through litigation discovery, the 2-year clock starts from discovery.
Important caveat on scope: Section 551 covers cable operators — companies providing cable television service. The FCC's 2016 broadband privacy rules that would have extended similar protections to your internet service data were repealed by Congress in March 2017 under the Congressional Review Act. This means your cable company's ISP data (what websites you visit, when, and for how long) is not protected by § 551 — it falls under the much weaker FTC "unfair and deceptive practices" framework. The same Comcast that cannot sell your viewing data without consent can share your browsing data (with some limitations) because those records are held as an ISP, not a cable operator. This is one of the sharpest distinctions in federal privacy law.
If you're a streaming video subscriber (Netflix, Hulu, YouTube): Section 551 does not apply to streaming services that deliver video over the internet rather than traditional cable infrastructure. Internet-protocol television (IPTV) and streaming are not "cable service" under the Cable Act's definition. These platforms are governed by their own privacy policies and, where applicable, the Video Privacy Protection Act (which prohibits disclosure of specific video rental/streaming records) and general FTC consumer protection law. For comprehensive data minimization rights that apply across digital services, check your state — California's CPRA, Colorado's CPA, and similar laws provide opt-out rights for data sales that approximate § 551's consent requirement.
If you're a cable operator's compliance officer: Your Section 551 obligations are:
(1) Annual notice: Provide a separate, written cable privacy notice to each subscriber annually describing what PII you collect, how you use it, the periods of retention, and how subscribers can access and correct their information. This can be included in a subscriber bill only if it's clearly identified and distinguishable.
(2) Consent before disclosure: Obtain prior written or electronic consent before disclosing PII to any third party — with narrow exceptions for rendering service, legitimate business activities directly necessary to cable service, and court orders. "Consent" requires opt-in, not opt-out, for PII disclosures. Court orders must go through the § 551(h) process (court order, subscriber notice, opportunity to object).
(3) Data minimization: Collect only what is necessary for service delivery or unauthorized-use detection. Expanding data collection for marketing analytics requires subscriber consent.
(4) Data destruction: Affirmatively destroy PII when it is no longer necessary for the purpose collected. This is not discretionary — the statute imposes an affirmative destruction obligation, not just permission to delete.
Class action exposure is real: the $1,000 per violation minimum damage floor, combined with attorney fee shifting, makes Section 551 violations attractive targets for class action plaintiffs' counsel. Each subscriber who doesn't receive the required annual notice, whose data is disclosed without consent, or who can't access their records is a potential $1,000 per-violation claim. A Comcast-sized subscriber base means aggregate exposure can reach hundreds of millions of dollars for systematic non-compliance.
<!-- /pria:personalize --> <!-- pria:personalize type="impact" -->If you're a government investigator: Cable subscriber records require a court order — not just a subpoena — and the subscriber must be notified and given a chance to object before the records are disclosed.
If you're an advertiser or data broker: Cable viewing data — what subscribers watch, when, and how often — cannot be shared for advertising purposes without subscriber consent. For protections specific to children's online data, see the Children's Online Privacy Protection Act (COPPA).
<!-- /pria:personalize -->State Variations
<!-- pria:personalize type="state-specific" -->Section 551 is federal law, but states may add protections:
- Some states have enacted their own cable and satellite privacy laws with additional protections
- State consumer privacy laws (California CCPA/CPRA, etc.) may provide overlapping protections for cable subscriber data
- Local cable franchise agreements may include additional privacy provisions
- Section 551's protections generally preempt less protective state laws but not more protective ones
Implementing Regulations
The Cable Communications Policy Act privacy provisions (47 U.S.C. § 551) are primarily self-executing — they directly impose obligations on cable operators regarding collection, disclosure, and subscriber access to personally identifiable information, with enforcement through private right of action and FCC oversight.
-
47 CFR Part 76 — Multichannel Video and Cable Television Service (203 sections across 21 subparts — the FCC's comprehensive cable television regulatory framework covering must-carry obligations, retransmission consent, technical standards, rate regulation, and competitive access):
- Subpart D — Carriage of Television Broadcast Signals (Must-Carry) (§§ 76.55–76.70): cable systems serving 12 or more subscribers must carry all local commercial broadcast television stations that elect must-carry status (§ 76.56); stations alternatively may elect retransmission consent — negotiating compensation from the cable operator rather than exercising the carriage right; NCE (noncommercial educational) stations are carried automatically without election; cable operators must place carried stations on the same channel position as their over-the-air broadcast (§ 76.57); operators may not accept payment for carriage or channel position (§ 76.60); disputes over carriage are resolved by FCC complaint process (§ 76.61)
- § 76.64 — Retransmission Consent: no multichannel video programming distributor (MVPD — cable operator, satellite carrier, or streaming vMVPD) may retransmit the signal of any commercial broadcasting station without the station's express written consent; stations that elect retransmission consent (rather than must-carry) negotiate compensation directly with MVPDs — retransmission consent fees are now a significant revenue source for broadcast stations, often reaching $1–3 per subscriber per month for major network affiliates; good faith negotiation is required (§ 76.65); exclusive retransmission consent deals are prohibited to prevent cable operators from blocking satellite competitors from carrying broadcast signals
- Subpart N — Cable Rate Regulation (§§ 76.901–76.970): local franchising authorities may regulate the price of the basic service tier — the minimum package that must include all broadcast stations and public access channels — but only if the cable system is not subject to effective competition; the Cable Television Consumer Protection and Competition Act of 1992 established the rate regulation authority; since 2015, virtually all cable systems are presumed to face effective competition based on the presence of satellite and streaming alternatives (§ 76.906), effectively rendering basic tier rate regulation defunct in most markets; cable operators remain free to price expanded tiers, premium services, and equipment without franchise authority review
- Subpart F — Network Non-Duplication and Syndicated Exclusivity (§§ 76.92–76.163): broadcast stations with exclusive rights to network programs or syndicated content in their market may require cable systems to black out those programs on distant imported stations carrying the same content; a local NBC affiliate with exclusive rights in its DMA can require the cable system to suppress the NBC feed on a distant-city NBC affiliate that the cable system might also carry; the "sports blackout" provisions (§§ 76.127–76.128) similarly protect local sports broadcast rights from distant-station competition via cable
Part 76 occupies the center of the ongoing tension between broadcast networks, local affiliates, and cable/satellite distributors. Retransmission consent negotiations — which recur every three years when consent agreements expire — periodically break down, resulting in signal blackouts where cable subscribers lose access to local broadcast channels until the parties reach agreement. The FCC may not directly intervene in retransmission consent pricing but can require good-faith negotiation. The must-carry/retransmission consent election system means every broadcast station faces a strategic choice: guaranteed carriage at no payment (must-carry) or leverage to negotiate compensation (retransmission consent).
Pending Legislation
No standalone cable privacy reform bills have been introduced in the 119th Congress. Cable subscriber privacy provisions appear in broader telecommunications and data privacy legislation — see FCC Telecommunications. For video viewing records specifically, see the Video Privacy Protection Act.
Recent Developments
The convergence of cable, internet, and streaming services has blurred the boundaries of Section 551's protections. When Comcast provides both cable television and internet service, which data is covered by cable privacy protections and which falls under different (usually weaker) internet privacy rules? The FCC's 2016 broadband privacy rules (which would have extended cable-like privacy protections to broadband internet data) were repealed by Congress in 2017 under the Congressional Review Act — leaving internet browsing data with weaker protections than cable viewing data. The growth of internet-protocol television (IPTV) and streaming services delivered over broadband (rather than traditional cable) has raised questions about whether Section 551 applies to modern video delivery platforms.