News Articles

Congress Powers Down FCC’s Privacy Rules

It’s unclear what kind of oversight lies ahead for online user data 4/03/2017 8:00 AM Eastern
TakeAway

ISPs will not face tougher restrictions on collecting and sharing info than edge providers.

WASHINGTON — The Republican Federal Communications Commission and Congress have tag-teamed to put the agency’s broadband privacy regulations down for the count. Could the Title II reclassification that created them be next?

FCC chairman Ajit Pai signaled that was his preference.

First Pai, with an assist from Michael O’Rielly, voted to stay enforcement of the data-security portion of the rules. The House then followed the lead of Senate Republicans and narrowly pushed through a Congressional Review Act resolution that would invalidate all of the rules and prevent the FCC from restoring them in substantially the same form.

That would be unlikely to happen under Pai anyway, but the CRA would future-proof them from restoration under a Democratic administration.

The FCC rules required Internet service providers to get their subscribers’ permission to collect and share a broad category of sensitive information, including most importantly the Web browsing and app use that marketers — with an eye toward targeting — crave.

It also had data security elements, breach notification requirements and a prohibition on take-it-or-leave-it regimes in which sharing data was a quid pro quo for the ISP programs.

The FCC can still come up with rules along the lines of the Federal Trade Commission’s approach to edge provider privacy — based on the sensitivity of the data and without requiring opt-in for Web browsing or app use — using its authority over common-carrier Customer Proprietary Network Information (CPNI). However, that also probably wouldn’t happen if Pai could find a way out from under the Open Internet order first.

President Donald Trump is expected to sign the bill (and may even have signed it by press time), adding his imprimatur to the effort to invalidate former FCC chairman Tom Wheeler’s effort to put stronger privacy regulations on ISPs because of their perceived “gatekeeper” status vis-à-vis edge provider data-collection giants such as Google and Facebook.

ISPs had promised before, and promised again last week, to abide by a set of principles they comm itted to in an effort to keep the FCC from adopting the privacy rules last October, rules from which both Pai and O’Rielly dissented.

But that framework is full of “shoulds” and “mays,” not “musts,” and that had privacy advocates using terms such as destroy and damage in decrying the vote as rewarding robber baron ISPs that wanted to write their own rules.

The FCC rules required ISPs to get opt-in permission to collect and share user data for a broad category of “sensitive” information, including Web and app use. Edge providers such as Google and Facebook can collect and share such information with marketers without getting user permission up front.

That’s the main sticking point for ISPs, who say that is a thumb on the scale for edge providers, creating an uneven playing field and threatening the ad-supported economic model that allows for all that free online content.

Congressional Democrats have been talking about a new privacy Wild West created by invalidating the rules. But ISPs have not been under those rules since 2015, when the FCC’s reclassification of broadband providers as telecoms under Title II of the Communications Act deeded the agency broadband privacy oversight. What was once the FTC’s province would not have been under the new regime until year-end.

It is unclear what the FCC’s broadband regulatory approach will be if the rules go away, unless the Open Internet order is repealed. If that happens, Pai has signaled he will be happy for said oversight to return to the lighter-touch approach of the Federal Trade Commission. The FTC’s power is essentially to enforce privacy promises and pursue violations as unfair or deceptive practices on a case-by-case basis, rather than writing new regulations.

Pai has said his core goal would be a regulatory framework that establishes a uniform expectation of privacy — and, that popular Republican space, a “level playing field.”

Democratic senators have been saying that if the FCC wants to harmonize privacy protections with the FTC, then why not give the FTC rulemaking authority so it could adopt similarly strong regulations? That, however, is highly unlikely under a Republican administration.

Repeal and Protect

WASHINGTON — Following the House vote to repeal the FCC’s broadband privacy rules, chairman Ajit Pai said he would work with the FTC to protect online privacy. He did, however, suggest that “the best way to achieve that result would be to return jurisdiction over broadband providers’ privacy practices to the FTC, with its decades of experience and expertise in this area.” That can only happen if the FCC reverses the Title II classification of ISPs.

Republicans could pay a political price for their votes to invalidate the rules — at least 50 in the Senate and 241 in the House.

And at least one group was trying to exact that price with a public calling-out. At press time, the advocacy group Fight for the Future had mocked up a billboard it said was going up in D.C., calling out those 50 senators, while a second was targeting House Communications Subcommittee chair Marsha Blackburn (R-Tenn.) in her home state.

The group was also taking credit for the fact that 25 Republicans voted against the measure, though it is unclear how they would have voted had they been needed to push it over the top.
— John Eggerton

Want to read more stories like this?
Get our Free Newsletter Here!