News Articles

Republicans Opt for FTC Privacy Framework

FCC, Congress pave the way for whacking Wheeler-era rules 3/06/2017 8:00 AM Eastern
TakeAway

The FCC and FTC are looking to synch up their approaches to the sharing of consumers’ personal information online.

WASHINGTON — It looks as though Internet service providers will not be held to a different standard for sharing their subscribers’ online information with third parties than is applied to edge providers such as Google and Facebook.

That was the principal takeaway from last week’s 2-1 vote to delay implementation of the data-security portion of the Federal Communications Commission’s Internet-privacy rules, approved in October under Democratic then-chairman Tom Wheeler and over the dissents of the two Republican commissioners — current chairman Ajit Pai and Michael O’Rielly — who voted last week for the stay.

The interim stay doesn’t actually change anything. It simply prevented the March 2 trigger for applying the requirements, which, like most of the rules, had yet to go into effect more than two years after the FCC gave itself broadband privacy authority under its Title II-based Open Internet Order.

The part of the framework that prevents Internet service providers from requiring their subscribers to submit to third-party information sharing as a quid pro quo of getting broadband service is already in effect, and is not affected by the stay. The rest of the regulations don’t kick in until December at the earliest, according to an FCC source who spoke to Multichannel News on background.

SYNCHING UP RULES

More important was what the stay signaled. Pai has long championed the Federal Trade Commission’s less restrictive approach to overseeing third-party information sharing by edge providers, which do not have an opt-in requirement. ISPs have been pushing hard for an FTC-centric take and had petitioned Pai and company to review and reverse that October decision.

In a joint statement with acting FTC chair Maureen Ohlhausen, Pai said the FCC would harmonize its rules with those of the FTC.

The harmonization will occur either by recrafting the broadband privacy order or by reversing the classification of broadband ISPs as common carriers under Title II of the Communications Act, which is how the FCC deeded itself the authority over broadband privacy in the first place.

If that happens, authority over Internet privacy will revert to the FTC, and the regulations for ISPs and edge providers will be harmonized by default.

That appears to be OK with both Pai and Ohlhausen.

“We still believe that jurisdiction over broadband providers’ privacy and data security practices should be returned to the FTC, the nation’s expert agency with respect to these important subjects,” the two chairs said in a joint statement last week. “All actors in the online space should be subject to the same rules, enforced by the same agency.”

But reversing Title II is a longer-range project, a point that Pai essentially conceded in saying that recrafting the regulations to square with the FTC is an interim fix.

The data-security rule that was stayed would only have required ISPs to make best efforts to protect data, so what was the big issue that required an interim stay?

“If he really wants to rewrite the order because he says it is not consistent with what the FTC is doing, then what’s the point of having businesses run around and do one thing when he is going to turn around and say do something different in three months?” asked a cable executive speaking not for attribution. “That is actually a rational thing to do, whether or not you believe what he is doing is right.”

Pai essentially did the same thing informally with the small business waiver of the Open Internet Order’s transparency rules. Although the waiver expired and the rules kicked in Jan. 17, Pai signaled to the industry that the FCC would not do anything before he could extend the waiver, which he did soon after taking over the FCC Jan. 23.

It is unclear what impact Pai’s decision will have on the parallel effort in Congress to use the Congressional Review Act invalidate the October 2016 broadband privacy order.

Rep. Marsha Blackburn (R-Tenn.) was hoping to get agreement among Republicans for a resolution, but there was no timetable on that, and Pai’s move could reduce the Republican pressure for congressional action. A Blackburn spokesperson had not returned a request for comment at press time But on the Senate side, Republican Jeff Flake of Arizona said he still planned to introduce a CRA scrapping the rules and essentially leaving the field clear for Pai’s rewrite.

In an op-ed in The Wall Street Journal, Flake said “the resolution would scrap the FCC’s newly imposed privacy rules in the hope that it would follow the FTC’s successful sensitivity-based framework,” which Pai has signaled will be the case.

DEMS: ‘WILD WEST’ APPROACH

Meanwhile, Democrats led by Sen. Ed Markey (D-Mass.) were seeing doom and gloom in the move, saying it heralded the killing of all the privacy rules and a “wild west” approach to privacy that would allow abusive practices with impunity.

Hardly, said fans of the FTC’s approach (see Viewpoint).

“Consumers will not be harmed because all this FCC decision does is maintain the status quo that has existed since the FCC adopted the Open Internet Order,” said the 21st Century Privacy Coalition, whose members include cable and telco ISPs. “The security of consumers’ online information will remain protected during the FCC’s reconsideration proceeding by the FCC’s application of Section 222 of the Communications Act to ISPs; the FCC’s May 2015 Enforcement Advisory, which the FCC issued almost two years ago to provide guidance while it developed broadband privacy rules and which will continue to apply during the FCC’s reconsideration proceeding; and the ISPs’ privacy principles, which cover data security and data breach notifications, among other things.”

Want to read more stories like this?
Get our Free Newsletter Here!