The FCC and Internet Privacy

February 23, 2016

Sixty privacy and consumer advocates recently urged the Federal Communications Commission (FCC) to become a “brawnier cop on the beat” under its Open Internet “net neutrality” Order. That Order is currently subject to strong legal challenge, with a decision widely expected this spring. When the FCC adopted the Order last year, FCC Chairman Tom Wheeler said that having the FCC adopt broadband privacy requirements was among his highest priorities. So, these consumer/privacy organizations now urge the FCC to begin a broad rulemaking proceeding to address data collection, data breach notification, and accountability for failure to take precautions to protect personal data. They also want the FCC to require broadband providers to disclose data collection practices to their subscribers.

Meanwhile, a group of cable and consumer electronics entities sent a letter to the FCC urging that any FCC privacy rules for broadband should be consistent with the unfair/deceptive standard used by the Federal Trade Commission (FTC) to oversee privacy. The FTC, long the predominant federal privacy enforcer, has for years monitored privacy policies and practices and used its authority under existing law to enforce violations that harm consumers. As the cable and consumer electronics group noted, the FTC’s privacy framework is time-tested and has “accomplished two important goals – it provides consumers with meaningful privacy protection and helps to enable a dynamic marketplace that supports the emergence of innovative new business models.”

Legal analysts differ as to whether the FCC has the statutory authority to adopt privacy protection policies. Some suggest that the FCC’s existing “public interest” authority allows it to act against unfair or deceptive practices. Others claim the FCC could act under its Communications Act of 1934 "section 222" authority. Using rules originally written to protect customer network information collection by telephone companies, the FCC might adapt them to the internet ecosystem, or construct an entirely different interpretation of the rules for broadband services. Still others wonder whether the FCC needs additional statutory authority to move forward.

In ANA’s view, the FTC is the appropriate entity to oversee internet privacy. It has been carrying out that role, and doing it well for years. This fact is something consistently acknowledged by Chairman Wheeler. However, when the FCC reclassified broadband services via the Open Internet Order, it severely undermined the FTC’s ability to bring enforcement actions against common carriers, since the FTC is precluded by law from taking action against common carriers regulated by the FCC. Earlier this year, the FCC and FTC tried to patch up their differences through a Memorandum of Understanding (MOU) outlining the “cooperative” efforts the two agencies would take.

We simply don’t need a “brawnier” or “additional” cop on the beat. The addition of the FCC to the regulatory landscape would inject confusion and uncertainty into privacy regulation. Even if the FCC were to adopt rules similar to the FTC’s unfair and deceptive policies, years of litigation and interpretation would ensue as the scope and applicability of the FCC’s new muscle-flexing plays out. Especially in the swiftly moving internet environment, it’s not practical – or necessary – to have a new privacy enforcement agency. The FTC is doing its job and should be allowed to continue to do it.

At the very least, if the FCC decides to act in this area, it should hew as closely as possible to the FTC’s interpretations of unfairness and deception regarding privacy. That might go a little way toward minimizing what could otherwise be a hodgepodge of inconsistent, duplicative, and disruptive regulatory activity.

You must be logged in to submit a comment.