NEW YORK, WEDNESDAY MARCH 2, 2017. The FCC announced yesterday its decision to put on hold the implementation of a set of privacy rules for broadband providers, which would have come into effect today. It is very clear from the FCC Press Release and the statement from the FCC spokesman that the FCC has no intention of enforcing these privacy rules at all; the notion of these privacy rules being “stayed” is more of an understatement.
What the Privacy Rules Covered
The Privacy rules, which were passed when the FCC had a Democratic majority would have required broadband providers (like AT&T, Verizon and Comcast) to obtain informed consent from their customers in order to share sensitive personal information, including web-browsing history, geolocation, and financial details, with third parties. To share the sensitive private information of their customers, the broadband providers would have needed a specific authorization from each customer (an “opt-in”) while non-sensitive customer PI would have required giving the customers an option to opt-out.
These privacy rules were also meant to increase the standard of care and the notification requirements related to data breach. Indeed, broadband providers would have become duty-bound to notify each affected customer “without unreasonable delay and in any event no later than 30 calendar days after the carrier reasonably determines that a breach has occurred.”
Rational for the Internet Privacy Roll Back
In a press release, the FCC stated that the roll-back is “a step towards ensuring that consumers have uniform online privacy protections.” A spokesman for the FCC said “Chairman Pai believes that the best way to protect the online privacy of American consumers is through a comprehensive and uniform regulatory framework,” the spokesman said. “All actors in the online space should be subject to the same rules, and the federal government shouldn’t favor one set of companies over another.”4
This first rational regarding uniformity is not very strong because one broad rule applying indiscriminately to all actors would probably do more harm than good.
The FCC press release also states that “the Commission’s stay will provide time for the FCC to work with the FTC to create a comprehensive and consistent framework for protecting Americans’ online privacy.”
This second rational is stronger. It is accurate that the FTC, not the FCC, usually controls the field of privacy as it relates to the Internet. However, it is well within the FCC’s authority to regulate telecommunication companies.
This move is meeting stiff opposition from privacy advocates including Senators Edward Markey, Richard Blumenthal, Elizabeth Warren and Al Franken who wrote to Ajit Pay, the newly-appointed Chairman of the FCC.