Policy

FAQ: What’s Up With Broadband Privacy

Republicans in Congress win repeal of Wheeler-era FCC-imposed regulations 4/10/2017 8:00 AM Eastern
TakeAway

Congress’s move to nullify the FCC broadband privacy rules raises questions for both providers and consumers.

WASHINGTON — President Donald Trump last week signed into law the successful GOP congressional effort to nullify the Federal Communications Commission’s attempt, under former chairman Tom Wheeler, to regulate broadband privacy.

Advertisers celebrated the GOP win, saying the rules had categorized “innocuous” information as sensitive and in need of opt-in permission to collect and share, while Internet service providers promised they have protected, are protecting and will protect their subscribers’ personal data.

Here are some answers to questions raised last week by congressional Democrats and others about the official passage of the Congressional Review Act resolution and the official end of the FCC’s attempt to write new rules.

Q: So, what is the current status of broadband privacy?
A: The FCC’s Oct. 27, 2016, vote to impose new broadband privacy regulations are repealed, and “substantially similar” rules cannot be reimposed by the FCC unless Congress authorizes it in another bill. Just what would qualify as substantially similar is open for debate.

Broadband providers have pledged to abide by voluntary privacy principles in any event, and Comcast has said it will change its privacy policy to make the opt-out option more prominent and reassure its customers that it does not sell customers’ individual Web browsing information to third parties. Click here to check out exactly what industry trade groups representing ISPs have pledged to do to protect broadband privacy. here.

Q: What can ISPs legally do now that the rules have been nullified?
A: They can share a range subscribers’ personal information with third parties without users’ affirmative permission, including Web browsing and app use history, as well as geolocation data, and can require data sharing as a condition of service.

Q: What obligations are now nullified for ISPs?
A: They no longer must institute government-mandated data security procedures or provide data breach notifications according to a government-imposed schedule.

Q: How long had the rules been in effect?
A: Virtually none of the rules had been in effect in the two years since the FCC assumed broadband privacy authority under the Open Internet order.

The FCC last month stayed implementation of the data-security provisions. The opt-in requirements were not scheduled to take effect until the end of the year. One part of the rules — preventing ISPs from making data sharing a quid pro quo for service — had already gone into effect, according to an FCC spokesperson.

Q: Who has authority over broadband privacy?
A: The FCC still has authority over ISP privacy under Title II regulations. The Federal Trade Commission has authority over edge provider privacy, although a court decision has raised questions about whether the FTC can regulate an edge-provider subsidiary of a common carrier — for example, privacy authority over Yahoo as a subsidiary of Verizon would fall into a gray area.

Q: What’s next?
A: The FCC is free to draft new privacy rules as long as ISPs are still under Title II and the new rules aren’t “substantially like” the old ones. In fact, FCC chairman Ajit Pai and FTC chairwoman Maureen Ohalhausen said last week that they will work together on a new, rational and effective system for protecting consumer privacy.

Congressional Republicans want the FCC to roll back Title II reclassification of ISPs and return broadband privacy to the FTC’s purview. Pai and Ohlhausen also ultimately want authority to revert to the FTC. If that happens, congressional Democrats want to give the FTC rulemaking authority so that, if it chose — likely under a future Democratic administration — it could impose its own privacy regulatory framework. The FTC’s power is generally confined to enforcing laws already on the books via filing suit against false and deceptive practices, rather than writing new rules.

Democrats also want to free the FCC to reimpose similar privacy regulations. Sen. Ed Markey (D.-Mass.) and 10 other Democratic senators introduced such a bill last week, but it will almost certainly be a nonstarter in Republican-controlled D.C. Read more about that effort here.

Want to read more stories like this?
Get our Free Newsletter Here!