In a shift from an earlier proposal, the Federal Communications Commission’s final rules to regulate the privacy practices of internet service providers are expected to be in line with the Federal Trade Commission’s approach, according to telecom and agency sources.
FCC Chairman Tom Wheeler has two other big-ticket items on his year-end agenda, cable set-top boxes and pricing for business data lines used by banks, hospitals and the like. As such, it appears the top telecom regulator will grant the private sector’s pleas to make the new privacy regulations distinguish between “sensitive” and “nonsensitive” data.
An industry source says discussions are focusing now on how much the FCC will echo the FTC’s method of enforcing privacy. The FTC requires companies to obtain explicit consent only before using “sensitive” data such as geolocation or financial information.
That would be a notable change from the FCC’s initial proposed rule — passed in March — that includes a requirement that ISPs get customer consent before using virtually all consumer data.
The FTC filed comments with the FCC this summer saying the agency supports the FCC’s general focus on privacy, but its officials also offered a bevy of suggestions. Significantly, they suggested allowing ISPs to use consumer data that isn’t sensitive on an opt-out basis. That would mean that customers can explicitly say they don’t want the company to use their information, but the firm wouldn’t need to ask permission before using it. This is similar to the FTC’s way of regulating privacy among web entities in their jurisdiction such as Amazon.com or Facebook.
The FCC appears to be taking those comments, and others, into account, sources say.
Wheeler has said several times the FCC is working with the FTC in an “ongoing dialogue,” as he referred to it at a Senate Commerce Committee oversight hearing in September. FCC officials “take those [comments] seriously and are embracing them” in their development of the privacy rules, he said.
“We do know they take our comments very seriously,” FTC Chairwoman Edith Ramirez told the same committee at an FTC oversight hearing a few weeks later.
Criticism of the FCC’s proposed rules has centered on how the agency’s new rules would require companies to receive explicit consent to use all consumer data.
The private sector has argued FCC’s proposal to require consent for use of all data would confuse both consumers and businesses because the two halves of the internet — ISPs and so-called “edge providers” such as Facebook — would be subject to two different sets of privacy expectations.
The FTC, the agency tasked with policing internet companies’ privacy practices, has required those companies to receive explicit consent from consumers before accessing “sensitive” data, which includes Social Security numbers, geolocation information and health information.
The industry is watching the deliberations carefully and making its views known. USTelecom, which represents AT&T Inc. and Verizon Communications Inc., launched a website campaigning for the FCC to adopt the FTC’s framework on Monday. It argues that many websites and online services “are free because companies can show ads to consumers based on their browsing history or preferences.”
The group argues that the FCC’s proposed rules, passed in March, threaten providers’ ability to offer those services free of charge.
“We think the FCC should look to the FTC’s approach for privacy rules, which recognizes the constitutional rights of companies to communicate freely with customers without having to first ask permission,” a spokeswoman for USTelecom said in an emailed statement to Morning Consult on Monday.
Wheeler has argued that the FCC’s privacy regime can coexist with FTC rules. In his vision, the FCC would police the data trafficked by broadband service providers, and the FTC would then take charge of the edge providers.
Consumer advocates have argued the FCC is right to move forward in its original path to take a stronger position on internet privacy.
“The FCC should not borrow the FTC’s sensitivity-based regime for ISPs,” Eric Null, policy counsel at the New America Foundation’s Open Technology Institute, said in an email. “As a matter of policy, drawing such a distinction would be cumbersome for the FCC to enforce and ISPs to comply with, and would encourage ISPs to engage in wholesale privacy violations by inspecting network traffic to determine what is and is not ‘sensitive.’”
It’s obviously not a done deal yet. FCC observers know not to be too sure of anything after the scheduled vote on agency’s cable set-top box rules ended with the commission unexpectedly yanking it from the September agenda.
Not everyone is happy with these incremental developments. Tim Sparapani, senior policy counsel at CALinnovates, a tech advocacy group, said that while “every bit of harmonization is good both for consumers and for entrepreneurs,” there should be broader changes.
Aligning the FCC’s rules with the FTC’s approach “still doesn’t make this whole thing worthy of being salvaged,” Sparapani said in an interview. Instead of adding a new layer of rules, the FCC and FTC should come together to form a unified new set of rules that would split the roles between them, he said.