The Federal Communications Commission (FCC) has voted 3-2 in favor of legislation that privacy advocacy groups are hailing as a win for consumers.

The FCC, say various news organizations which wrote about the matter this past week, now requires that Internet service providers (ISPs), such as Comcast and Verizon, have their customers opt in before ISPs can share certain data about individuals’ online activities. NPR specifically notes that such information includes geolocation data, information about children and health, Web browsing history, social security numbers, and the content of communications individuals have with one another.

The official FCC announcement commented that the new rules within Section 222 of the Communications Act “ensure broadband customers have meaningful choice, greater transparency, and strong security protections for their personal information collected by ISPs.” Internet providers have one year to comply with the new regulations.

Three parts to these rules exist.

First, ISPs are now required to have consumers opt in before the types of information listed above can be shared, which has been common practice in the industry between ISPs and marketers that use the data to create personalized campaigns.

The sharing of non-sensitive information such as email addresses and service tier data could still be shared between such groups unless customers opt out of that type of sharing as well. This may place more of a burden on consumers because it could require them to address their service providers without an initial prompt.

Finally, customers can expect their ISPs to continue to collect – no matter their selections in the first two criteria – information necessary for the creation of accounts and the provision of billing statements.

The new rules also assert that the service providers must provide notices to consumers about the type of information they collect, how it could be used, and who customers can contact to change their privacy preferences. The Communications Act also encourages ISPs to engage in security practices that protect sensitive customer data and inform customers and law enforcement when such data has been compromised.