The FCC’s Privacy Problem
The Federal Communications Commission’s (FCC’s) proposed privacy rules for broadband providers are anti-consumer and anti-competitive. These proposed rules, released in March in the FCC’s Notice of Proposed Rulemaking (“NPRM”), break with well-established Obama Administration and Federal Trade Commission (FTC) policy, undermining broadband providers’ ability to develop and offer new consumer products and services—including discounted services—and distorting online markets by creating different and conflicting rules for companies online.
Consumers have legitimate concerns about their privacy in the digital age, and for two decades, the FTC has addressed these concerns by applying a flexible framework that protects consumers, considers the sensitivity of the information, and enables internet businesses to innovate and thrive.
{mosads}The FTC approach, which protects consumers by making sure they know and have a say in how companies handle their personal data, has kept the United States a leader in the global internet economy by giving companies the flexibility to innovate and offer new—and low cost—products and services to consumers. The Obama Administration endorsed a similar approach several years ago in a privacy report that outlined a “Consumer Privacy Bill of Rights,” which, like the FTC framework, reflected the reality of the internet economy and recommended consistent regulation across the internet ecosystem.
The FCC recognizes that the FTC’s regime is the gold standard for privacy protection, but its NPRM nonetheless departed radically from the FTC’s framework and the Obama Administration’s similar approach by not distinguishing between sensitive and non-sensitive data, a vital hallmark of privacy regimes in the U.S. and Europe. This distinction ensures restrictions on data use are tethered to actual privacy risks.
In addition, under the FCC’s proposed rules, broadband providers would be required to interrupt consumers’ online experience with frequent and intrusive requests for consent to use customer information to display ads for new services that consumers may enjoy. The proposed rules also would impede broadband providers’ use of customer data to improve and develop new services. By contrast, under the FTC’s framework and the Obama Administration’s approach, such uses have long been allowed.
The FCC’s NPRM also risks undermining the U.S.-EU Privacy Shield agreement, which was recently concluded after contentious negotiations between U.S. government officials and their EU counterparts. The Privacy Shield is a critical tool for U.S. companies doing business in the EU, allowing them to transfer data to the U.S. It requires U.S. companies’ handling of such data to be subject to FTC oversight and enforcement. Deviating from the FTC’s approach therefore could fuel challenges to the Privacy Shield in EU courts. In fact, certain officials in Europe are already beginning to highlight the inconsistency between the U.S. government’s support of the FTC framework under the Privacy Shield and the FCC’s proposed departure from that framework.
Protecting consumer privacy is vital, but the FCC has not articulated any actual privacy harms that consumers suffer today as a result of ISPs’ data privacy practices, or even that consumers would likely suffer in the future were the FCC to adopt rules consistent with the FTC’s framework.
In fact, in the investigation and analysis of online privacy practices that the FTC conducted several years ago, the FTC found that consumer data is also available to, and used by, a wide variety of edge providers, which would continue to operate under the FTC’s regime. The FCC’s proposed rules thus would not change the way the vast amount of consumer data is protected and could confuse consumers who do not expect their data to be handled differently depending on the type of online entity that happens to hold it.
The FCC can avoid these problems by adopting rules consistent with the FTC’s time-tested and flexible approach, including rules that distinguish between sensitive and non-sensitive data and apply opt-in consent requirements solely to certain uses of sensitive information (e.g., health or financial data or visits to sensitive web sites). This will benefit consumers: ISPs will continue to provide strong privacy protection for consumers while remaining able to develop innovative new services and compete in the dynamic and evolving online marketplace.
Nancy Libin, a partner at the law firm Jenner & Block, is the former Chief Privacy Officer of the U.S. Department of Justice, Senate Judiciary Committee Counsel to then-Senator Joe Biden, and Counsel at the Center for Democracy & Technology.
The views expressed by authors are their own and not the views of The Hill.
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. Regular the hill posts