Recently, the Federal Communications Commission has proposed to construct a new, additional regulatory apparatus, asserting, without any factual support, that creating untested and discriminatory rules for internet service providers (ISPs) will be the silver bullet for protecting consumers’ privacy.
However, since the beginning of the World Wide Web the Federal Trade Commission has exercised oversight of the internet ecosystem, including websites and internet service providers. The agency has been focused on deceptive and unfair practices and on how data have been collected and used. Under this comprehensive FTC approach there have been very few ISP-related privacy or data security issues.
As MANA National President Amy Hinojosa recently wrote in The Huffington Post, “The FTC is the lead federal consumer protection agency and has been a strong cop on the beat for our privacy. But in a classic case of the ‘law of unintended consequences,’ the FTC had the jurisdictional rug pulled from under its feet for a small portion of the internet—broadband providers—due to legal changes contained in the Open Internet rules passed last year.”
Hinojosa continues, “As a result, the FCC—which regulates telecommunications—is now eager to put their footprint in this space by knitting a patchwork set of rules that would apply narrowly to broadband companies while exempting everyone else. In fact, the rules under consideration at the FCC would be a huge step backwards for consumers—confusing consumers and increasing the risk of abusive or discriminatory use of our data online.
Instead of an inconsistent patchwork based on false assumptions and a misreading of the privacy threat, the FCC can and should step back and put consumers ahead of this jurisdictional land grab and learn from the success of the FTC approach that puts consumers in the driver’s seat rather than in a maze.”
As Hinojosa points out, the FCC does not have relevant experience in the consumer privacy realm. While the Communications Act does convey a limited amount of power to cover consumer privacy of satellite and cable subscribers, the actions that the FCC has taken have been almost completely about billing information.
The FTC is appropriately limited to enforcement proceedings after a determination that it has the authority to do so under the relevant law. Such actions send signals to the marketplace as to what is within the bounds of acceptable and legal behavior, allowing for flexible solutions and for innovation to flourish. On the other hand, the FCC makes prophylactic rules which quickly constrain the marketplace with enforcement actions being brought if the rules are violated.
Further, the Communications Act does not provide a basis for the expansion of power that the FCC is seeking. Specifically, the Act contemplates records of phone calls and billing information, not authority over the sorts of broad, personal data the FCC is trying to claim.
Ultimately, too many government entities looking after our privacy means that we do not have any. Consumers will not have a solid understanding of what signals to watch for that indicate a data breach or a scam. The result is a less vigilant populous increasingly prone to their data being collected and used inappropriately without the understanding that certain actions are wrong.
The FCC should bear the burden of proving that it is needed in this area or can add something of value before even considering moving forward. At the very least, a factual, data-driven analysis of whether consumers will gain or be harmed should be undertaken. Even if the Commission had the authority to institute a new and untested regulatory regime doesn’t mean that it should do so.