Pai: FCC Required to Ensure Internet Privacy Even Without Agency Rules

FCC Chairman Ajit Pai (Rob Kunzig/Morning Consult)

Federal Communications Commission Chairman Ajit Pai said Wednesday that even if the agency’s internet service provider privacy rules are undone, the FCC would still be obligated by communications law to protect consumer information.

It’s the first time the Republican chairman has said broadband companies would be subject to FCC privacy enforcement in the absence of rules passed by the agency last year under former Democratic Chairman Tom Wheeler. Pai’s remarks come a day after Republican Sen. Jeff Flake (Ariz.) introduced a resolution, with 23 GOP co-sponsors, that would use the Congressional Review Act to repeal agency rules requiring ISPs to obtain consent before using consumer data for marketing purposes.

Senate Commerce Committee Chairman John Thune (R-S.D.), a co-sponsor of that resolution, today asked Pai what would happen if the FCC’s rules “suddenly went away,” and if the FCC would still be “obligated to police broadband privacy practices under Section 222 of the Communications Act?”

“That’s correct, carriers would still have their obligations under Section 222 in addition to other federal and state privacy data security and breach notification requirements,” Pai responded at a Senate Commerce Committee oversight hearing.

Section 222 of the 1934 Communications Act requires telecommunications carriers to protect the privacy of their customers’ personal information. The FCC’s 2015 Open Internet order reclassified internet service providers as a telecommunications service, which then gave the agency the authority to pass broadband privacy rules in October 2016.

“Section 222 gives the FCC authority over the privacy practices of telecommunications providers,” Mark Wigfield, an FCC spokesman, said in response to an email inquiry from Morning Consult. “So even in the absence of specific rules, the FCC would have the ability to regulate privacy on a case-by-case basis.”

Pai’s remarks are a departure from the arguments some Republicans and industry members have made in the past.

When the FCC passed the privacy rules, Republican Commissioner Michael O’Rielly said Sec. 222 gave no “independent authority” to “regulate privacy or data security, regardless of the technology.”

USTelecom, an industry group representing both AT&T Inc. and Verizon Communications Inc., has argued that consumer information shouldn’t be subject to FCC regulation under Sec. 222.

Matt Wood, policy director for consumer advocacy group Free Press, on Wednesday said that without the privacy rules the FCC would only be able to hear complaints that users might bring, which he called a “high bar, and disincentive.”

He noted that Pai and Thune have pledged to undo the FCC’s reclassification of broadband companies as common carriers under Title II of the Communications Act. “Section 222 is part of Title II,” Wood said.

Flake’s resolution would prevent the FCC from issuing “similarly harmful regulations in the future,” according to a release from the Arizona Republican’s office. Wood said that would forbid “issuance of substantially similar new rules,” meaning the FCC would have to “fall back on authority to hear complaints” based on the statute Republicans aim to roll back.

This story has been updated to include an email statement from an FCC spokesman.

Morning Consult