Et tu, California? ISP Privacy Bill Moving through the Legislature.

June 21, 2017

While the advertising community has been successful over the past several months in defeating or mitigating all internet service provider (ISP) privacy bills at the state level, California is now seriously considering enacting substantial legislation that would completely change the way advertisers operate in the state. AB 375, the California Broadband Internet Privacy Act, threatens to seriously disrupt internet advertising by classifying virtually all ISP communication – including web browsing history – as personally identifiable and creating the need for opt-in consent for the collection of this data. An earlier unrelated bill already had been moved through the Assembly by its sponsor, Ed Chau, who is the Chair of the Privacy and Consumer Protection Committee. The California Senate is now considering a very restrictive privacy proposal which has replaced this initial bill. Due to California’s enormous impact on the U.S. economy in general, if this legislation were to pass, it would create broad adverse precedents and have immediate substantially harmful marketplace impacts.

Up to this point, only certain categories of data collection have required opt-in consent. This generally includes highly sensitive health and financial data, personally identifiable children’s data, and other similar types of information. Under AB 375, virtually all data collection by ISPs, whatever the sensitivity of the information, would require heightened opt-in consent. This expansive definition goes far beyond the Federal Trade Commission’s (FTC) standards for sensitivity and would be a significant departure from current industry practice. If AB 375 becomes the law in California, residents will be faced with a barrage of opt-in notices every time they perform an innocuous online search or simply visit a website.

ANA believes this state-level legislation is unnecessary. Despite claims to the contrary, the Federal Communications Commission (FCC) continues to have authority to regulate ISPs in the privacy area. Consumers’ online privacy is already being protected – and will continue to be protected – at the federal level. If at some point the FCC overturns its net neutrality rule, which stripped the FTC of its ability to police the privacy practices of ISPs, then the FTC will again have full authority to oversee all privacy abuses. There simply is no gap in federal authority that warrants balkanized privacy regulation at the state level.

In addition, the advertising industry has provided consumers with a major privacy tool through the Digital Advertising Alliance (DAA) YourAdChoices icon. By clicking on the icon, consumers can access information and choices about the types of ads they receive. Consumers then have the ability to decide which companies can collect and use their data for advertising-related purposes. While the education campaign for this tool is still ongoing, it has clearly already proven highly successful. The YourAdChoices icon is displayed more than a trillion times each month worldwide, and the FTC and both the Obama and Trump Administrations have acknowledged the great benefits provided to consumers through this self-regulatory program. There have been, for example, more than 68 million visits to the AdChoices site allowing consumers to determine for themselves whether they want to receive interest based advertising.

If California moves forward with AB 375, it will set a dangerous precedent and potentially lead other states to adopt their own ISP privacy laws as well, creating a hazardous web of conflicting state-by-state laws for any company operating in the online space. We urge our members to voice their strong concern and opposition, and we ask California’s state legislators to vote against AB 375.

You must be logged in to submit a comment.