Major Trade Groups Offer FCC Compromise on Privacy Rules for ISPs
With a rulemaking imminent, major industry trade associations submitted to the FCC a consensus proposal on ISP privacy rules Tuesday. Meanwhile, FTC Commissioner Maureen Ohlhausen said the FCC would be better off leaving ISP privacy to her agency, which has expertise in the area, rather than approving its own set of rules. Ohlhausen spoke Tuesday on an Information Technology and Innovation Foundation panel.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
The industry proposal said the FCC should focus on four areas -- transparency, respect for context and consumer choice, data security and data breach notification. In each of the areas, the FCC should ensure its approach is harmonized with the FTC, said a letter to FCC Chairman Tom Wheeler signed by the American Cable Association, the Competitive Carriers Association, CTIA, NCTA and USTelecom. The FCC is expected to take up the privacy NPRM as early as its March 31 meeting (see 1602110054), and industry and FCC officials say it could be one of the most hotly contested debates of 2016.
“By adopting these principles, the Commission would establish a regime that protects consumer privacy and security while also providing flexibility for providers to implement and update their practices as consumer expectations and technologies evolve,” the groups said. “Because regulation of broadband privacy is a new area for the Commission, it should take the necessary time to build a robust record rather than prejudge the issues by adopting tentative conclusions before there is a public discussion of the consensus Privacy Framework.” The FCC didn't comment.
Wheeler has said publicly on at least three occasions, most recently at CES in January, that the FCC has a role in privacy, agency officials said. Wheeler noted at CES the agency has had responsibility for 80 years, under Title II of the Communications Act, for the “privacy responsibility of networks.” Also at CES, FTC Commissioner Julie Brill said she would welcome an FCC NPRM on privacy (see 1601110065).
Ohlhausen said the FTC, unlike the FCC, has more than 70 economists with Ph.D.s, who are experts in competition theory. If there must be a rulebook for privacy data security, “it will probably come as no surprise to anyone here that I believe there are significant advantages to the FTC’s tried and true approach,” Ohlhausen said. “We use case-by-case enforcement, applying general legal principles to specific facts, constrained by certain institutional features and a focus on addressing real consumer harm.”
The measure of success for all regulatory actions aimed at protecting consumers ought to be “does it make consumers better off,” Ohlhausen said. “Not does it benefit one set of companies or does it curry favor with some vocal observers or does it make a nice acronym.”
Consumers have a variety of preferences on privacy, Ohlhausen said. “An expansive one-size-fits-all rule is unlikely to match the preferences of most consumers.” Technology and business models are also changing rapidly, she said. “Enforcement of generally accepted legal principles can better keep abreast of new developments rather than a rigid rulemaking.” Ohlhausen also said consumers can be worse off when two regulators have different sets of rules.
“I’ve been warning about the negative effects of reclassification of broadband Internet access service for a long time,” Ohlhausen said. The effects of reclassifying broadband as a common carrier service are “rippling” through many other policy areas, she said.
ITIF also released a report Tuesday urging the FCC to leave privacy alone. “The calls for rigid, paternalistic regulation from advocacy groups like Public Knowledge and New America Foundation are flawed,” the ITIF report said. “They systematically ignore the benefits of data innovation, downplay the advantages of industry best practices and the flexible Federal Trade Commission framework, overstate risks, and understate customers’ control over their privacy.”
Flurry of White Papers
“This flurry of white papers and proposals before an anticipated rulemaking points to the fact that the FCC should have started with an inquiry, and perhaps would still be appropriate to begin with an NOI now,” Doug Brake, ITIF telecom policy analyst, told us after the session. The industry proposal “certainly aims in the right direction, a flexible, consistent framework that allows for changes in business models, unpredictable new technology, and dynamic competition across industries,” he said. “But why have the FCC recreate the wheel?” Brake asked. “Why not instead recognize that use of customer data is not a common carrier activity, meaning the FTC common carrier exemption does not apply, and forbear from [Communications Act Section] 222 as applied to broadband entirely? The FCC should focus on other issues more central to its mission.”
“As with the criticisms of Title II last year, the wailing and gnashing of teeth over the death of innovation derives from a fundamental misunderstanding over how Sec. 222 actually works,” emailed Harold Feld, Public Knowledge senior vice president. “It is difficult to see how giving consumers clearer notice and opt in will crush innovation and leave only decimation in its wake.” Feld said one of Ohlhausen’s main objections was that the FCC shouldn't have reclassified broadband. “I can see why someone at the FTC might be annoyed, but it was a year ago,” he said. “I suggest that rather than re-litigate Title II, folks like ITIF should get over it and deal with the actual law today. The idea that consumers should be unprotected because a bunch of folks still can't get over that they lost on Title II captures Washington dysfunction pretty thoroughly.” Feld also said he welcomed the ISP filing. "Obviously, while we disagree on many of the details, it is good to see the ISPs interested in genuine engagement on the issue." he said. "I hope we can reach agreement on taking the highly successful data security and data breach rules from the voice world and applying them to data."
“The FCC has the authority, appropriate expertise, and legal obligation to regulate the privacy obligations of broadband providers under Title II,” said Laura Moy of the Institute for Public Representation at Georgetown University Law Center. The laws governing the FTC and the FCC make this clear, she said. “There are many instances in which specific, prospective privacy rules are necessary to foster trust in valued relationships, such as the relationship between patient and doctor, between client and attorney, or between customer and bank and the relationship between an individual and the communications network is another one of those relationships,” Moy said. “In the 21st century, specific, prospective privacy protections are needed to foster trust in the network itself as a safe place to engage in online expression and association, not to mention online education, job-seeking, healthcare, and so on.”