The authority to regulate how internet service providers handle consumer activity online is shifting from the Federal Communications Commission to the Federal Trade Commission — a move that’s unsettling to privacy advocates after President Donald Trump’s Monday repeal of FCC internet rules passed during the Obama administration.
While Republicans want the FTC to be the lead agency for regulating online privacy, advocates say the FTC has shown it cannot adequately protect consumers.
“The core issue is that the FCC has rulemaking authority and the FCC issues substantial fines — the FTC has neither,” Marc Rotenberg, president and chief executive of the Electronic Privacy Information Center, said Monday in an interview. “Having brought lots of privacy cases to both the FTC and the FCC, I’m just not impressed by the FTC’s ability to safeguard consumer privacy.”
He cited two FTC settlements made in cases brought forward by his group, involving Google Buzz and changes made to Facebook Inc.’s privacy preferences, where he said the agency “failed to enforce their own consent orders.”
The FTC did not respond to a request for comment.
FCC Chairman Ajit Pai on Monday said in a statement that the agency will work with the FTC to restore that agency’s authority to oversee internet service providers’ privacy practices, calling the FTC “America’s most experienced and expert privacy cop.”
That means the next step is to make clear the FTC has “authority over common carriers with respect to privacy,” Fred Campbell, director of Tech Knowledge, stated Tuesday.
While the FCC is working to give authority back to the FTC, Pai says his agency plans to continue enforcing privacy protections on a case-by-case basis.
Michelle De Mooy, the director for the Privacy & Data Project at the Center for Democracy & Technology, said there are limitations to taking that approach, noting it’s difficult for the FTC to bring cases efficiently.
“They struggle with resources and with capacity, and I think the FCC would also struggle with that,” she said in an interview Monday.
Advocates are worried the move to repeal the FCC’s rules — the vast majority of which hadn’t taken effect — will create a privacy vacuum. The FCC’s rules would have required broadband companies to receive explicit consent before selling consumers’ personal information, including their web browsing history, app usage history and financial and health information.
Rotenberg, whose group pressed the FCC to draft privacy rules for both internet service providers and internet companies such as Facebook or Google, said robust privacy protections can be achieved without FTC or FCC regulations, via the creation of a federal data protection agency.
“Most modern economies have understood that privacy is such a significant issue that you need an agency not just with the legal authority but with the expertise and the competence to meaningfully engage,” he said.
De Mooy said it’s “encouraging” to see state legislatures involved in finding ways to protect consumer data and fill “this gap in protection that’s going to happen.” She noted that Alabama, California, Illinois, Michigan and Minnesota are the states to watch in drafting electronic privacy legislation.