With FCC Regulating Privacy, Internet Industry Braces for What’s Next

With the Open Internet Order, the Federal Communications Commission is staking itself out as the internet’s newest privacy cop, making the web industry and privacy advocates alike wonder just how far its powers will extend.

FCC Chairman Tom Wheeler announced Friday that the agency will soon begin deliberating how its new net neutrality authorities, which took effect June 12, will apply to consumer privacy on the web.

“We committed in the Open Internet Order to address issues of privacy implicated by consumers’ use of the internet,” Wheeler said in a speech at the Brookings Institution in Washington. “We will begin that process with a notice of proposed rulemaking in the autumn.”

But the rulemaking notice will touch off an effort to define how the FCC will approach an issue previously seen as the realm of the Federal Trade Commission. And that has put some stakeholders on edge.

“I’m worried about what the Commission is going to do in this space,” FCC Commissioner Michael O’Rielly said Thursday, referring to his own committee at an event hosted by the Internet Innovation Alliance. “I believe the Commission is light years behind where other agencies have been, including the FTC.”

“I think you’ll find that we’re headed in a very troubling direction,” added O’Rielly, a Republican member of the five-seat panel.

User data is at the heart of the profit model that underpins a great deal of online activity. O’Rielly described a “symbiotic relationship” in which internet users offer up their data to companies in exchange for free services like Google’s Gmail platform.

“Regulators trying to alter an aspect of internet activity must realize that they risk disturbing the entire internet marketplace, dramatically affecting other offerings by internet-related companies,” he said.

The net neutrality order subjected internet service providers to privacy requirements that previously applied only to telephone companies, without providing extensive guidance as to how to adapt the rules to the web. Industry analysts said the proposed rulemaking notice will likely address that issue.

“These are regulations that will be sort of set a precedent that folks will look at in other sections of the internet,” Doug Brake, a telecommunications policy analyst for the Information Technology and Innovation Foundation, a Washington-based think tank focused on formulating and promoting policies that combine innovation and technology, said in an interview Tuesday.

But even though the rules will deal directly with ISPs like AT&T Inc. and Time Warner Cable, they have the potential to impact the industry more broadly, Brake said.

The same argument that justifies the FCC guarding consumer data held by ISPs – namely, to encourage broadband investment and deployment – could also apply to so-called “edge providers,” companies like Google that interact directly with web users, he said.

“It seems to me the FCC has been pretty aggressive in writing a lot of these rules,” Brake said, referring to the portion of its charter law granting it authority over common carriers. “I’m expecting they’re going to try to reach pretty far.”

The FCC did not respond to requests for comment.

Privacy advocates say there’s no reason to regulate data held by ISPs while not doing the same for edge providers like Facebook and Google.

“There’s a certain irony that on the one hand you’re going to regulate the ISPs and their use of the data when you have some of essentially the same data in the hands of edge providers,” said John Simpson, privacy project director for Consumer Watchdog, a Santa Monica, California-based consumer advocacy group.

In June, Consumer Watchdog filed a petition with the FCC asking it to use its authority to force edge providers to honor requests from internet users that they refrain from tracking their data. That would be a rather broad – and unlikely – expansion of the FCC’s authority, Brake said.

The FCC has not responded to the petition, and the agency is under no legal obligation to do so.

T. Stephen Jenkins, an associate of Philadelphia-based law firm Pepper Hamilton LLP who deals with privacy issues, said he doesn’t think the FCC will soon issue any sweeping new grabs of authority, but the impending privacy regulations are nonetheless a cause of worry for the industry.

“The FCC is seen as this really knowledgeable agency when it comes to telecom and broadband internet, but there is a lot of skittishness when it comes to seeing how the FCC is going to enforce that power,” he said in an interview Tuesday.

One worry is that the FTC possesses more institutional knowledge than the FCC when it comes to regulating privacy. The FTC is barred by its founding law from regulating common carriers, meaning newly classified ISPs now fall outside its purview.

“My general worry is that privacy regulation has been a balancing act, and the FCC has not been a part of the conversation,” said Will Rinehart, director of technology and innovation policy for the American Action Forum, a center-right policy institute in Washington.

Rinehart said the FCC could seek to assert power over edge providers even without classifying them as common carriers by pointing to authorities granted in Section 706 of the 1996 Telecommunications Act and reaffirmed in the net neutrality decision.

Section 706 says the FCC is allowed to employ “regulating methods that remove barriers to infrastructure investment.”

The FCC’s Open Internet Order, published in March, states that consumer privacy concerns could have the effect of “lowering the likelihood of broadband adoption and decreasing consumer demand.” Rinehart said the FCC could use this line of argument to justify broad privacy action.

In any case, the rulemaking has the FCC’s opponents such as the Telecommunications Industry Association all the more skeptical of the agency and its use of new authorities under Title II of the Telecommunications Act.

“The FCC is seeking to create new and potentially duplicative Internet privacy rules,” Scott Belcher, chief executive officer of the Arlington, Virginia-based trade group that represents communications technology companies such as Cisco and Qualcomm, said in an email statement. “This underscores the reality that Title II is just a Trojan horse for the agency to begin heavy-handed regulation of the Internet.”

Morning Consult