When Privacy Regulation Could Do More Harm Than Good

Once again, the Federal Communications Commission is about to take major action affecting the internet, right before an election and without sufficient consideration of its impact. This time, the issue is consumers’ privacy on the internet.

Back in April, with the goal of protecting user privacy, the FCC launched a rulemaking proposing severe new restrictions on the internet service providers that connect consumers to the internet. While well intentioned, the agency’s proposal swept too broadly – and, as on previous occasions, the agency has had to backtrack significantly from its original idea in the face of strong public reaction.

Chairman Tom Wheeler now claims that his revised proposal tracks the Federal Trade Commission’s existing privacy framework, which governs the conduct of internet edge providers, such as e-commerce companies. Given broad consumer acceptance and the massive commercial growth of the internet under the FTC’s framework, many interested stakeholders asked the FCC during its public comment period to adopt the FTC’s framework as the privacy requirements for ISPs. Doing so would promote clarity for consumers and ensure a consistent set of rules across the internet ecosystem.

Unfortunately, contrary to the chairman’s claim, the FCC is on the verge of embracing a much broader set of ISP privacy requirements than the FTC’s framework imposes on edge providers. The FCC proposal would require that ISP customers grant affirmative “opt in” consent before the ISP could use virtually any web browsing data. By contrast, under the FTC’s “opt out” framework, no such requirement exists when consumers search and browse on edge providers’ websites.

ISPs rightly object to this disproportionate burden. Justifiably, they point to the fact that edge providers access far more consumer browsing and app usage data than ISPs and monetize it through internet advertising in far greater volume than ISPs. If fact, the growing use of end-to-end encryption, virtual private networks and other proxy services renders a large amount of the data flowing across their networks invisible to ISPs. It’s already technically impossible for ISPs to access about 70 percent of global Internet traffic. By contrast, few limits apply to the insights edge providers have into their users’ web activities. The plain fact is that edge providers use consumer data far more intensively than ISPs.

Even prominent edge provider Google – which surely knows a thing or two about web browsing and search – thinks the FCC’s approach doesn’t make sense, writing that the FTC’s opt-in “framework recognizes that while U.S. consumers consider healthcare or financial transactions, for example, to be sensitive information that should receive special protection, they do not have the same expectations when they shop or get a weather forecast online.

“Thus, although Google and other companies take strong measures to avoid using sensitive data for purposes like targeting ads, consumers benefit from responsible online advertising, individualized content, and product improvements based on browsing information, regardless of the company collecting the data.”

Advertisers, too, have said that implementation of the FTC framework across the entire internet ecosystem is far superior to the FCC proposal. Major trade associations of those who place the vast majority of web ads believe that Chairman Wheeler’s proposal is far broader than the FTC’s rules and would disrupt the smooth functioning of the internet economy. Whether we like it or not, that economy depends in good measure on the online advertising that helps constrain the prices of internet-provided services and enables large amounts of content to be provided for free.

A key distinction involves the definition of what is truly “sensitive” information. The FTC framework lists specific categories, including Social Security numbers, financial, health, location and children-related information as sensitive, available to edge providers only following affirmative opt-in consent. The FCC declares all web browsing and app usage history to be sensitive, available only following opt-in consent. It’s hard to imagine how any legitimate policy goal is achieved by placing so much harmless data beyond the reach of ISPs, whose technical ability to use consumers’ information is rapidly declining in any event. The FCC has simply chosen the wrong target and, in doing so, is on the verge of creating widespread consumer confusion.

Consumers have learned, sometimes painfully, that maintaining their privacy on the internet is not as easy as pulling down window shades or building a higher hedge around their lawns. And that’s the real risk with Chairman Wheeler’s latest proposal – why change a unified system to a bifurcated system that could actually prove harmful to consumers by creating confusion and leaving the false impression that information is protected when in fact it’s not?

The solution is simple: The FCC should truly harmonize its proposal with the FTC’s existing rules and defer to that agency’s broader and longer experience with protecting consumers’ privacy. Any attempt at conflicting and disparate privacy regulation will just create confusion and make the internet a less favorable place to do business, with significant negative effects on the e-commerce economy.


Rick Boucher was a member of the U.S. House for 28 years and chaired the House Energy and Commerce Committee’s Subcommittee on Communications and the Internet. He is honorary chairman of the Internet Innovation Alliance and head of the government strategies practice at the law firm Sidley Austin.

Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Submission guidelines can be found here.

Morning Consult