A Counterproductive Privacy Bill

Privacy activists appear to have some new friends among congressional Republicans. House Communications and Technology Subcommittee Chairman Marsha Blackburn (R-Tenn.) and cosponsors have introduced comprehensive privacy legislation that would apply a strict new privacy regime across the entire internet ecosystem.

The legislation, known as the Browser bill, results from legitimate concerns about an “unlevel” playing field across the internet ecosystem and a mistaken belief that recent congressional action repealing the Federal Communications Commission’s privacy rule, promulgated under former FCC Chairman Tom Wheeler, left consumers unprotected. In fact, Congress’s action was the first step in re-leveling the playing field and returning privacy enforcement responsibilities over internet service providers to the Federal Trade Commission, which had that job before the FCC classified broadband internet service providers as “Title II” common carriers in 2015. Common carriers are exempt from FTC jurisdiction. The FCC then filled the gap by promulgating its now-repealed privacy rule.

The FTC has long been the principal U.S. privacy enforcement agency and, overall, has done a good job. The agency has studied privacy issues and enforced privacy standards for decades. The FCC, on the other hand, has limited expertise in this area, as demonstrated by its rule, which did not reflect an appreciation of the benefits that flow from information collection and use and the costs associated with limiting that flow.

The FCC rule was heavily criticized not just for its failure to acknowledge a tradeoff between restricting information collection and innovation, but also because it applied only to ISPs, putting them at a competitive disadvantage vis-à-vis edge providers in the large and growing digital advertising market. Expanding the FCC approach to the entire internet ecosystem addresses the problem of asymmetric rules, but by ensuring that everyone suffers the potential loss in innovation rather than by letting everyone innovate with data.

Like the FCC rule, the Browser bill mandates consumer “opt-in” approval for data collected and used for most commercial purposes. Under an opt-in rule, individuals must affirmatively agree to have their information used (as opposed to having the option to opt out of information collection). Typically, opt-in approval is limited to sensitive data, such as health or financial information. Applying it across-the-board would be a major change for the internet ecosystem, because edge providers and commercial web sites generally do not require users to opt-in to collect non-sensitive information. But the Browser bill, like the Wheeler FCC, defines sensitive data so broadly as to include virtually everything.

Evidence suggests that an opt-in rule would reduce the amount of information available to the economy, precluding many of the innovative ways in which data are used for a variety of purposes, from marketing to credit checking to health research to fraud prevention. As the Obama administration’s President’s Council of Advisors on Science and Technology noted, in the era of big data “the beneficial uses of near-ubiquitous data collection are large and they fuel an increasingly important set of economic activities.”

Privacy advocates, and many Democrats in Congress, have long favored comprehensive privacy legislation incorporating an opt-in requirement. It is thus somewhat ironic that such a bill has now been introduced by the Republican majority. But no evidence suggests that an opt-in regime would yield benefits in excess of costs, or even any benefits at all. The bill would, however, impose costs by making it more difficult to collect and use data in ways that benefit consumers.

The Browser bill would return privacy jurisdiction over ISPs to the FTC, but would do so under a new and restrictive regime. The better route to reinstating FTC jurisdiction is to follow repeal of the FCC privacy rule with repeal of the Title II classification. The FCC now has a rulemaking underway intended to accomplish that objective, a much better course than new privacy legislation.

Thomas M. Lenard is senior fellow and president emeritus at the Technology Policy Institute. TPI receives general support from ISPs, internet companies, and media and content companies.

Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.