The Federal Communications Commission’s new consumer privacy rules cause disagreements among experts about whether the rules are overbearing or progressive.
The FCC created new privacy requirements for Internet Service Providers (ISPs) to meet following the 2015 Open Internet Order, which placed broadband under the FCC’s jurisdiction.
Broadband formerly was under the jurisdiction of the Federal Trade Commission, which was praised by the White House for being the best agency to handle consumer privacy in 2012, according to Jon Leibowitz, co-chair of the 21st Century Privacy Coalition and former FTC Commissioner.
“The FCC’s proposed rules, if implemented, would impose a number of specific requirements on the provision of biased services that would not generally apply to other services that collect consumer data,” Sen. John Thune, R-S.D., read from comments filed by the FTC staff. “This outcome is not optimal.”
Leibowitz believes that the FCC’s rules diverge too much from the FTC’s policies, which were already working well to protect consumer privacy.
“The ISP’s specific rules don’t provide clear benefits to consumers,” Leibowitz said. “They don’t protect privacy in the way that they should. They may themselves be unconstitutional and more troubling, or at least as troubling; these restrictive requirements represent a fundamental change in the U.S. approach to privacy.”
Leibowitz acknowledged four flaws with the FCC rules. First, they are not technology neutral, meaning they only regulate a subset of the Internet. Second, they would impose opt-in consent requirements for non-sensitive data, which would mean that ISPs wouldn’t be allowed to market their own products to their own customers without prior consent. Third, ISPs would miss the opportunity to create consumer benefits from de-identified data. Fourth, the new rules impose an unrealistic timeline for breach notification and mandate more notifications, which could cause consumers to ignore important messages.
Another concern was that small broadband providers would have difficulty implementing the new rules due to financial obstacles. Matthew Polka, president and CEO of the American Cable Association, suggested that exemptions be made for small broadband providers to ease the financial strain.
Paul Ohm of the Georgetown Law Center believes the FCC rules are an improvement in privacy regulations in that they regulate prospectively instead of bringing cases to court after a company has violated a consumer’s privacy.
Ohm argued that broadband providers owe a heightened amount of security to their users because they can track what consumers read and where they go. Also, in some areas consumers have little to no options when choosing a broadband provider, which leaves it impossible for consumers to choose one that has higher privacy standards.
Ohm also disagrees with Leibowitz’s argument that the FCC’s rules vary greatly from the FTC’s policies.
“It’s a modest set of requirements,” Ohm said. “It overlaps in significant parts with the FTC report.”