The FCC has voted to stay, at least temporarily, implementation of the first new broadband privacy rules adopted under former FCC chairman Tom Wheeler.
The vote was 2 to 1, with Democratic commissioner Mignon Clyburn strongly dissenting.
"[The FCC] has issued a temporary stay of a data security regulation that would have subjected Internet service providers (ISPs) to a different standard than that applied to other companies in the Internet ecosystem by the Federal Trade Commission (FTC)," the FCC said Wednesday (March 1).
Related: Privacy Rule Followers Make Opinions Public
Pai had signaled that if the interim stay he had proposed were not voted on by March 2, when the data security portion of the rules were meant to kick in, he would have them stayed under delegated bureau authority.
In announcing the stay, the FCC said it would remain in place until the agency acts on petitions to reconsider the rules and come up with a new framework.
"ISPs have been – and will continue to be – obligated to comply with Section 222 of the Communications Act and other applicable federal and state privacy, data security and breach notification laws," the FCC said. "In addition, broadband providers have released a voluntary set of 'ISP Privacy Principles' that are consistent with the Federal Trade Commission’s long-standing privacy framework. For other telecommunications carriers, the Commission’s pre-existing rules governing data security will remain in place.
The FCC is staying implementation while it considers petitions from ISPs and others to review the entire broadband privacy framework, with which both Pai and fellow Republican Michael O'Rielly, who voted for the interim stay, have major issues.
Pai and acting Federal Trade Commission chair Maureeen Ohlhausen, whose agency oversees edge provider privacy, explained the need for the stay in a joint statement:
“We still believe that jurisdiction over broadband providers’ privacy and data security practices should be returned to the FTC, the nation’s expert agency with respect to these important subjects. All actors in the online space should be subject to the same rules, enforced by the same agency.
“Until that happens, however, we will work together on harmonizing the FCC’s privacy rules for broadband providers with the FTC’s standards for other companies in the digital economy. Accordingly, the FCC today stayed one of its rules before it could take effect on March 2. This rule is not consistent with the FTC’s privacy framework. The stay will remain in place only until the FCC is able to rule on a petition for reconsideration of its privacy rules."
Clyburn had plenty to say as well.
"On the very same day a major content distribution network revealed that the private data of millions of users from thousands of websites had been exposed for several months, the FCC announced its intention to indefinitely suspend rules requiring broadband providers to protect users’ private data," she said. "The irony here is inescapable. With a stroke of the proverbial pen, the Federal Communications Commission — the same agency that should be the 'cop on the beat' when it comes to ensuring appropriate consumer protections — is leaving broadband customers without assurances that their providers will keep their data secure. It is for this reason, that I must issue this unequivocal dissent."
Clyburn was referring to the so-called "Cloudbleed" bug that caused sensitive data leaks on websites that use the Cloudflare content delivery network. Cloudflare announced the vulnerability in February and released estimates of its impact Wednesday (March 1).
"[W]ith the new FCC, the ends justify the means," she added. "This Order is but a proxy for gutting the Commission’s duly adopted privacy rules — and it does so with very little finesse."
Clyburn had teamed with the FTC's lonean Democrat, Terrell McSweeny, last week in a joint statement defending the rules.
“Today’s action is a good first step in rolling back these requirements," said Emmett O’Keefe, SVP of advocacy for the Data & Marketing Association. "We look forward to continued action on the part of chairman Pai and the FCC to ensure that the modern digital economy can continue to create the innovative products consumers enjoy and rely upon without the burden of unnecessary regulations.
“For decades, a proven framework of industry self-regulation has fostered an environment for innovators to responsibly leverage data to reach consumers," O’Keefe added. "The hastily-adopted requirements that would needlessly disrupt this vibrant digital ecosystem should not be put into place, and DMA is confident that the FCC will achieve that goal.”