While I'm generally a strong proponent of privacy rights, I do think that this particular order was a huge over reach, which didn't really do much to improve privacy, but merely re-classified things into different buckets and heaped a ton more government regulations into the pot. I also found it very interesting that they lumped in a set of network layer aspects of a users activities as "CPNI" which is protected from sharing (but then makes inconsistent exceptions for, say IP addresses which kinda have to be shared to work). While not explicitly stated in the document (which, let's face it, I skimmed at best), my usual concern about absurd network neutrality rules being adopted becomes present here. If network layer stuff is "protected" (like say, the application type, packet type, source and destination info, etc), then it becomes much easier under this change to declare any sort of packet based sorting as illegal, because the ISP is barred from sharing that information with third parties.
I'll also point out another objection I've raised with this sort of thing in the past. While the rules prohibit the ISP from sharing this with third parties, it does not at all prohibit them from using that information internally, nor within the context of content that they provide. The net effect could easily be handing a huge content advantage to the local provider since, as both Service and Content provider, that company can use network layer CPNI to shape network traffic to make their content work better than a potential competitor operating outside the range of the ISP (or BIAS) as they call it in the document.
Seems like it's more about providing a legal groundwork for ISPs to raise prices (and pad profits) by being "required" to provide additional security for their customers, while simultaneously providing them a competitive advantage to market content to their customers. The fact that the regulations actually acknowledge the issue of many customers having little or no choice about their service provider, while proceeding to lump a ton of regulation that will only increase costs to those same consumers (with, again, little or no choice), just seems to be about giving those ISPs the opportunity to raise those prices without having to worry about normal market forces preventing it.
There's pretty much zero in there that actually increases the existing laws regarding privacy when using the internet. So yeah. Bad regulation, pushed in during a lame duck administration period, more or less in the dead of night? Probably a good idea to eliminate it. Then maybe look at actual problems with network privacy and adopt legislation addressing just those things. Just dumping the entire thing into the realm of a new agency, and shoving the square peg of internet service providers into the round hole of a nearly century old set of laws regulating telephone companies, just seems like a really really bad idea.