Will the FCC Be the New Privacy Cop on the Beat?

(Rob Kunzig/Morning Consult)

The Federal Communications Commission will dive into a controversial policy proposal Thursday when the five-member panel convenes to vote on privacy rules for broadband internet service providers.

The new rules could thrust the FCC into the shared role of privacy cop with the Federal Trade Commission.

The rules are still in nascent stages, but they could have a major impact on internet service providers and the broadband industry as a whole. When the FCC took the unusual step of releasing a fact sheet about the proposal on March 10, numerous industry groups weighed in worrying that the FCC’s entrance into the ISP space could create two sets of regulations enforced by two separate agencies. (The FTC also regulates ISPs.)

It’s a long rulemaking process. But internet service providers are already pushing back. A new set of privacy requirements from a new regulator would give them far more work and expose them to more liability. Providers argue that they already have requirements for how they handle consumer data enforced by the FTC.

If the FCC must regulate, providers say, use a light touch. USTelecom’s president called for the FCC to adopt a framework based on the FTC’s “longstanding and effective approach to privacy.”

USTelecom represents numerous companies in the space, including AT&T Inc., Verizon Communications and CenturyLink. CTIA, which represents wireless providers, including AT&T and Verizon, also called for the FCC to stay consistent with the FTC’s structure.

Republicans say the proposed rules are potentially dangerous to the market. Rep. Marsha Blackburn (R-Tenn.), vice chairwoman of the Energy and Commerce Committee, said last week that the FCC’s move toward regulating internet service providers’ privacy practices was “troubling” to her.

“The FTC has traditionally been our government’s sole internet privacy regulator,” Blackburn said at a Free State Foundation event. “Having dual entities regulate online privacy is going to create confusion, as pieces of the internet ecosystem would potentially be subject to different privacy rules. We see this as being counterproductive.”

Energy and Commerce Committee Chairman Rep. Fred Upton (R-Mich.) said at a recent hearing the new privacy rules “have the potential to harm the very sectors they are attempting to preserve and stimulate.”

At the same hearing, Communications and Technology Subcommittee Chairman Rep. Greg Walden (R-Ore.) said the entire proposal should have been released instead of just an agency fact sheet.

The fact sheet provides some insight into the draft proposal, but it is still woefully short on details for industry participants. It says internet service customers should be able to choose whether to allow their provider to use their data for marketing purposes. It says there should be guidelines for keeping that data safe, whether it’s shared or not.

The proposal would also obligate broadband companies to institute risk management practices, train appropriate personnel, and implement customer authentication. It would hold providers responsible for protecting consumer information after it’s shared with third parties.

There are also transparency requirements. The proposal would also mandate that companies report breaches to the FCC within seven days of discovery and affected customers within 10 days. They would also have to notify the Federal Bureau of Investigation and the U.S. Secret Service within one week of breaches hitting more than 5,000 customers.

The rules have received positive feedback from some Democrats in Congress and open internet advocates. The Open Technology Institute praised the commission for protecting consumers from broadband service providers with extensive details about peoples’ online behavior.

The Center for Democracy and Technology concurred. It’s director of privacy and data, Katharina Kopp, said, “It’s good to see the FCC seize this rare and important opportunity to protect the privacy of broadband consumers.”

Sen. Ed Markey, former chairman of the Energy and Commerce Committee, also lauded the proposal. “Internet service providers have a duty to protect the privacy of consumers who use the company’s wired and wireless infrastructure to connect to the world,” the Massachusetts Democrat said, adding that the FCC should “move quickly to put these rules on the books.”

Morning Consult