COMMENTARY ON LAW AND TECHNOLOGY

Repealing the FCC’s Privacy Rules for Internet Users

Apr-5-2017

In October 2016, the Federal Communications Commission, the FCC, adopted new privacy rules that govern the relationship between Internet Service Providers, ISPs, and their customers. Federal law allows Congress to block agency rules.  Congress did just that with a joint resolution disapproving the broadband privacy rules and President Trump has signed that into law. 

The privacy rules have some things in common with the net neutrality debate, which is about whether Internet service providers can discriminate based on the type of traffic moving through their networks. The Communications Act gives the FCC authority over radio, broadcasting, and telephone services and applies to telecommunications services, like phone companies.These telecommunication services are considered “common carriers” and face more stringent requirements than other services.  For example, Title 2 of the Communications Act includes requirements for data privacy and nondiscrimination.  Between about 2005 and 2015, broadband internet was considered an “information service,” not a telecommunications service.Hence, the law that requires phone companies to protect their customers’ private data and not discriminate against particular kinds of traffic did not apply to broadband providers.

In 2015, the FCC issued a rule to protect net neutrality that reclassified broadband services as telecommunications services.  This meant that ISPs are common carriers and had to comply with Title 2 and stop treating Internet traffic differently depending on its source or its content.

The FCC’s Broadband Consumer Privacy Rules contains a section titled “Privacy of Customer Information”which requires telecommunications carriers to protect their customers’ information, and limits the situations where carriers are allowed to share this information with others.

Broadband providers want to compete with other Internet companies for advertising dollars. Google and Facebook are two of the companies that are most successful at monetizing consumer information. ISPs have access to a lot more consumer data than other companies, so they could make a lot of money by selling information about you to advertisers. But ISPs are not just a website that you can choose to not visit. Many regions in the country don’t have much competition among broadband providers, making it much more difficult to vote with your feet if you don’t like how the ISP uses your personal information.  ISPs may also be able to collect information about your online practices more effectively since they are not limited by the particular device you use to access the Internet.

When they issued the rule, the FCC emphasized that its regulation of broadband carriers was necessary since ISPs serve a gatekeeper role to the Internet. Facebook and Google, on the other hand, are subject to the Federal Trade Commission, the FTC’s jurisdiction. As long as their use of customer information does not rise to the level of being an unfair or deceptive trade practice, the FTC will likely not intervene. Hence, Facebook and Google and other private companies would only have their behaviors criticized retrospectively.  ISPs are subject to stronger default rules that apply prospectively. 

Should companies like Comcast and Verizon be held to higher standards than other Internet companies when it comes to handling customer information?  The new law disapproving this rule takes the side of the ISPs.  This does not mean that your browser information will automatically be sold to the highest bidder, but one of the barriers to do so has been removed. The new law combined with the new FCC chairman’s apparent dislike of net neutrality rules, indicates that the current administration will support ISPs in efforts to increase their profitability. This policy could have significant effects on how consumers experience the Internet, and is something that we should all be concerned about.

Author – Jay Kesan