BROWSER Act Privacy Bill Goes Too Far

May 24, 2017

Last week, Tennessee Congressman Marsha Blackburn, Chair of the Communications and Technology Subcommittee of the House Energy and Commerce Committee, introduced the first major online privacy bill of the 115th Congress. According to the bill’s caption, H.R. 2520 would “require providers of broadband internet access service and edge services to clearly and conspicuously notify users of the privacy policies of such providers, to give users opt-in or opt-out approval rights with respect to the use of, disclosure of, and access to user information collected by such providers based on the level of sensitivity of such information.”

We agree with the Chairman that privacy regulation should be based on the sensitivity of the data involved.  That has always been the approach in the U.S., where both the Federal Trade Commission (FTC) and the industry’s self-regulatory program, the Digital Advertising Alliance (DAA), recognize that financial, health, children’s and other similar sensitive data should be treated differently than a wide range of non-sensitive data.

Unfortunately, Chairman Blackburn’s bill treats a vast range of ISP browser and app data and similar data collected by edge providers as highly sensitive, requiring opt-in consent by consumers for its collection and use.

In our view, this goes way too far. Substantial amounts of browser and app use data deals with highly innocuous information such as searches for sports scores, weather reports and a multitude of other innocuous every day activities. ANA believes that treating too many categories and issues as highly sensitive will undermine the ability of consumers to focus on what is truly significant regarding their privacy interests.  

This was one of the most serious flaws with the ISP privacy rule adopted last year by the FCC when Democrats still controlled that agency. Chairman Blackburn and other Republicans in Congress led a successful effort this spring to repeal the FCC rule using the Congressional Review Act. That led to bills being introduced in more than twenty state legislatures to adopt some version of the FCC proposal. ANA is working with two coalitions to oppose those bills and so far none have passed.  

We believe that maintaining opt-out regimes for non-sensitive data and opt-in for truly sensitive data is the right way to differentiate between appropriate levels of privacy concern. This, in fact, is the stated goal of Chairman Blackburn’s bill. We agree that consumers should have control in the privacy arena and that is why we launched the DAA privacy self-regulatory program to assure and enhance this type of oversight. However, if the definition of sensitive data is explosively expanded requiring a constant bombardment of opt-in consent notices this will unintentionally harm both consumers and business. It also is still unclear in her legislation how explicit the opt-out provision of her bill will need to be.

The advertising community has always had a very good working relationship with Chairman Blackburn. We agree with her that the FTC should have regulatory primacy in the privacy arena for both ISPs and edge providers. We agree that there should be federal preemption in regard to privacy regulation. We will be reaching out to the Chairman and her staff to express our concerns about the definition of “sensitive user information” in her bill and in order to assist in trying to find a better and more balanced approach to this critical issue. 


You must be logged in to submit a comment.