Roles of FTC, FCC Are Front and Center in Privacy Debate

Yuri Samoilov/flickr

The Federal Communications Commission’s proposed privacy rules for internet service providers have ruffled the feathers in the tech industry since the agency passed the proposal in March.

A key question as the agency moves forward to a final rule will be how the FCC’s entrance into privacy rules would interfere (or coexist) with the regime currently enforced by the Federal Trade Commission.

The details will come into focus in the coming weeks, as FCC Chairman Tom Wheeler wants to finalize the proposal by the end of the year.

“It’s a turf war. Let’s be honest. It’s a turf war,” said Tim Sparapani, senior policy counsel at CALinnovates, a technology advocacy coalition. “We really need a do-over.”

Sparapani was speaking at a privacy briefing Tuesday sponsored by CALinnovates. Just hours earlier in the same building on Capitol Hill, all three commissioners of the FTC testified before the Senate Commerce Committee. They offered a lukewarm endorsement of the FCC’s privacy endeavors.

“In our initial bipartisan comment to the FCC, we were very supportive of their proposed rule in this area,” FTC Commissioner Terrell McSweeny said at the hearing. “We do believe that like the FTC, the FCC shares our goals of transparency, consumer choice, and security and that they have an important role to play in protecting consumer privacy.”

Sparapani said the FCC is only confusing matters. “As communications services continue to evolve, and these kinds of companies begin to merge more and more across traditional silos of industry, none of this is going to make any sense,” he said.

The FTC has historically policed the privacy practices of internet companies with its own regulatory framework. It requires companies to receive explicit consent before using a customer’s personal data, such as a Social Security number, geolocation information or financial data.

Companies that handle data irresponsibly or misstate their privacy practices can get hit with FTC enforcement actions.

Now the FCC is moving to act as a new privacy cop for internet service providers with a somewhat different framework. Under its plan, the FCC would cover the broadband providers, while the FTC would deal with internet companies on the front end such as Facebook or Amazon.com.

There are differences between the two regulatory approaches. For example, the FCC’s proposed rules would require all uses of consumer data to receive explicit opt-in consent. That means the internet service provider would have to get permission from a customer before it uses any data about that person’s network use.

The FTC only requires opt-in consent for sensitive data such as health or financial statements.

Supporters of the FCC proposal say the broader approach is essential to protect privacy online and will shore up the framework set up by the FTC. But critics worry that it will merely confuse businesses and consumers who won’t know which regulations to follow. Silicon Valley professionals say the FCC rules could stifle online innovation.

The recent announcement that Verizon Communications Inc. would buy Yahoo Inc. showcases the potential for confusion with two regulatory agencies, according to Sparapani. If the FCC polices the data handled by Verizon, and the FTC is in charge of Yahoo, the regulatory structure gets complicated if the companies pass information back and forth between each other (especially because they are technically the same company).

The FCC’s rulemaking process about privacy “has become a little bit of a battle for the hearts and minds over the appropriate approach to privacy regulation,” said former FTC Chairman Jon Leibowitz, who has been an outspoken critic of the FCC’s proposal.

But it’s hard to dispute that the FCC has the jurisdiction to regulate the privacy practices of broadband service providers after it reclassified ISPs as common carriers in its landmark net neutrality regulation. That rule was upheld in court earlier this year.

Harold Feld, senior vice president at the consumer advocacy group Public Knowledge, said it makes sense to include the FCC in the privacy regulating business. The FTC is a general consumer protection agency, not just a privacy protector, that works in concert with other agencies such as the Food and Drug Administration, the Department of Health and Human Services, and a number of financial regulators on all kinds of consumer protection issues.

It would make sense, then, that the FTC would work together with the FCC to shore up consumer data protections for communications services, Feld argued. “Whenever I talk to people outside of Washington, D.C., I have never heard anyone say, ‘I wish I had fewer people protecting my consumer privacy,’” he added.

The current FTC commissioners told lawmakers Tuesday that they want to help the FCC write its final rule, if nothing else. “I think it could be beneficial, given the years and years of experience the FTC has brought to consumer privacy, to be able to give additional feedback to the FCC,” FTC Commissioner Maureen Ohlhausen told the committee.

FTC Chairwoman Edith Ramirez said the FTC would “certainly be happy” to provide more comments on the proposed rules, but only if it’s “appropriate.” She added that she didn’t want to “intrude on that process.”

“We do engage in regular conversations with the Federal Communications Commission both at staff level as well as at my level and more senior levels to discuss the approaches that we take when it comes to privacy,” Ramirez added.

Speaking at the CALinnovates event, Leibowitz was more blunt. “The FTC comment was very diplomatic, as it should be, but it was very clear that the FTC has some fundamental differences with the approach that the FCC had taken,” he said.