Most people at some point have heard the “trick question” that asks “which weighs more: a ton of feathers or a ton of stone?” In the same vein, the Federal Communications Commission’s (FCC) recent “compromise” revision to its proposed broadband privacy rules mimics that trick question by offering the same level of heavy regulation to Internet service providers (ISP) as the original proposal, but just under new definitions.
In March, the commission proposed privacy regulations for ISPs requiring them to obtain “opt-in” permission from consumers before using or sharing their data. Members of the private sector, including technology firms, criticized the plan for lacking flexibility and creating consumer confusion, because edge providers like websites and streaming services—which are governed by the Federal Trade Commission (FTC)—and the broadband providers that take consumers to those websites would be regulated under two very different regulatory approaches.
During the summer, the FTC issued its own staff comments on the FCC’s broadband proposal suggesting that the commission adopt rules more in line with the FTC’s privacy approach requiring opt-in consent only for “sensitive data.” The FTC provided as examples: “Social Security numbers, and children’s, financial, health, and geolocation data.”
Claiming a compromise approach harmonized with that of the FTC, FCC Chairman Tom Wheeler this month released a fact sheet of the revised broadband privacy rule to be voted upon during the commission’s October 27 open meeting. According to Chairman Wheeler’s fact sheet, the broadband privacy rule will only require opt-in consent for “sensitive data,” but the proposal broadly defines this to include web browsing and app usage history as well as the content of communications.
Far from agreeing with the FTC’s existing framework, the proposal before the Commission would expand the category of “sensitive data” far beyond what the FTC has ever recognized.
Chairman Wheeler’s revised proposal claims to be a compromise that draws upon the FTC’s suggestion of opt-in consent for only sensitive data, but in reality the commission’s new proposal eliminates the need to distinguish between sensitive and non-sensitive data because opt-in consent will still be mandated for most of the consumer information useful for broadband providers. The FCC’s revised rule in essence tells ISPs that they can now be smothered by a ton of regulatory feathers instead of a ton of stone.
So why is it critical that the FCC adopt an approach closer to that of the FTC? If the commission gets the broadband privacy rule wrong, ISPs, consumers, and those providing internet content and services could all suffer negative consequences.
Let’s look at how the proposed privacy regulations could affect three main players in the internet ecosystem.
According to a Moody’s Investors Service report, the proposed broadband privacy rule released earlier this year has the potential to be “credit negative” to the major internet service providers because of the new barriers to competition with digital advertisers and websites. Adding a new burdensome and costly privacy regime comes at a time when the major internet service providers are already expending less in overall broadband capital expenditures.
The FTC’s earlier staff comments highlighted how the rigid proposal of requiring upfront consent for all customer data could actually hamper beneficial uses of data for consumers. Recent polling has suggested that a beneficial use of data such as targeting relevant advertising, which could be affected by the proposal, is preferred by most Americans. In addition, consumers would have to navigate two different sets of privacy approaches with websites remaining under the jurisdiction of the FTC and their broadband providers more heavily regulated by the FCC.
There are calls for more burdensome privacy restrictions on edge providers like websites and streaming services from members of Congress and special interest groups. The FCC’s new, overly-restrictive privacy approach could be used as an example for privacy regulation in other industries. Digital advertising has contributed hundreds of billionsof dollars in revenue to the U.S. economy and has made relatively-inexpensive internet access as we know it possible. Privacy regulations, such as those recommended by the FCC, imposed on the rest of the internet could greatly impede innovation and the digital economy.
The U.S. Chamber has been at the forefront of preventing overly-burdensome regulations and calls for the FCC to adopt a definition of “sensitive data” closer to the FTC to prevent the stifling of the internet economy.