Modern field guide to security and privacy
The Federal Communications Commission (FCC) logo is seen before the FCC Net Neutrality hearing in Washington February 26, 2015.
Yuri Gripas/Reuters
|
Caption

US regulator set to tamp down on privacy rules

search for solutions

The Federal Communications Commission will announce plans to delay Obama-era privacy regulations that would push broadband companies to institute stronger standards for protecting consumers' data.

The Trump administration appears set to begin scaling back Federal Communications Commission regulations approved last year to further protect Americans' digital privacy and security. 

The FCC announced last week it would delay the implementation of Obama-era rules that call on internet service providers such as Comcast, Verizon, and AT&T to notify customers before sharing their sensitive personal data with third parties, from Social Security Numbers and web browsing histories to geolocation, finance, and health data. 

Newly instated FCC Chairman Ajit Pai, who voted against the new rules as an agency commissioner in October, appears worried that the regulations would give technology firms such as Google, Facebook, and Twitter an unfair legal advantage over broadband companies in the increasingly lucrative online advertising marketplace, as the rules don't apply to other tech and social media companies. 

"All actors in the online space should be subject to the same rules, and the federal government shouldn’t favor one set of companies over another," acting FCC spokesman Mark Wigfield said in a statement Friday. "Therefore, he has advocated returning to a technology-neutral privacy framework for the online world and harmonizing the FCC’s privacy rules for broadband providers with the Federal Trade Commission’s standards for others in the digital economy."

The forthcoming privacy rules had already come under fire from members of Congress. Last week, Politico reported that Sen. Jeff Flake (R) of Ariz. had amassed 12 cosponsors on a bill that would use a congressional provision to revoke the Obama-era rules. That provision, known as the Congressional Review Act, would have also prevented the FCC from implementing similar rules in the future. 

Yet Mr. Pai's view isn't shared by all of his colleagues at the FCC or the Federal Trade Commission, who say that the temporary stay of the rules – the first step toward completely stopping them – would create an incomplete system for protecting digital privacy. 

"Chairman Pai is determined to take action that leaves consumers without a cop on the beat protecting their personal information from misuse by their broadband service provider," FCC commissioner Mignon Clyburn and FTC commissioner Terrell McSweeny said in a joint statement released Friday. "This means no federal data security requirements whatsoever for broadband providers."

The new regulations, rubber-stamped by the FCC in October, justified more stringent regulations for broadband providers since those companies possess sensitive customer data, such as names, addresses, phone numbers, and billing histories, information that could make for a compelling profile of users for potential advertisers. 

The move comes as the FCC appears to be readying a shift away from Obama-era net neutrality rules that aim to provide consumers equal access to web content, forbidding service providers from favoring certain content. Earlier this month, The New York Times reported that Pai had taken about a dozen actions that could unwind those regulations since taking office in January, stopping several companies from offering subsidized internet rates for low-income families and halting a floated plan to end rentals of cable boxes, potentially giving consumers more choice in that industry.

The FCC also decided last month to loosen net neutrality rules that required some broadband providers to disclose fees, promotional rates, and data caps.

Some privacy advocates worry that the stay of the rules could move the US further away from developing a robust regime of digital privacy rights for consumers. In contrast, the European Union's data protection reforms put into effect last year articulate individual rights to accessing, transferring and a "right to be forgotten" – ensuring that companies such as Google and Facebook can't retain data without the consumer's permission. 

"The US does not have a comprehensive data privacy law or regime that protects consumers across the internet ecosystem," said Natasha Duarte, a fellow at the Center for Democracy and Technology, a Washington-based technology policy think tank. "That would be the ideal that we would have one robust comprehensible standard that consumers would be able to control what happens to their data, whether it’s [internet service providers] or Google."

Ms. Duarte adds that the notion that broadband providers are uniquely qualified to track users' internet activity "is not giving a full picture of what these businesses look like. They do either currently or want to operate ad businesses that look a lot like what Google is doing with ads."

What's more, there appears to be little movement on an Obama-era push for a Consumer Privacy Bill of Rights that would have given Americans greater ability to see and control which companies collected their data, an effort that seemed to slow in the latter part of the last administration. And while 47 states and several US territories employ breach notification laws that require companies to notify users of digital security incidents, House and Senate efforts to create a federal law stalled in the Obama years, and haven't yet been taken up by the new Congress. 

As FCC moves forward with its decision, privacy advocates are battening down the hatches for a number of key fights this year. On Wednesday, the House Judiciary Committee will hold its first hearing on the potential reauthorization of Section 702 of the Foreign Intelligence Surveillance Act, a provision set to expire this year that allows US agencies to target non-citizens for intelligence collection. 

Even though President Trump has been largely mum on the subject of digital rights, other than to call for a boycott of Apple's products last year after the computing giant refused to develop password-busting software to help the FBI unlock the San Bernardino, Calif. shooter's iPhone – advocates worry that the FCC's decision could signal that the White House isn't interested in protecting consumers' privacy. 

"With the change in administration, basically what's happened is that the regulatory philosophy has changed," says Eric Null, policy counsel at New America's Open Technology Institute. "This really goes to show how little interest Chairman Pai has in protecting consumers."

But in petitioning the FCC for a stay of the rules earlier this year, interest groups representing broadband companies said federal privacy rules treated providers such as Verizon, AT&T and Comcast unfairly compared to tech companies that dominate the digital ad industry. As The Christian Science Monitor reported on Saturday, Google's advertising machine makes up more than 86 percent of the $26 billion in revenue it listed at the end of last year. By the first half of last year, Google accounted for 60 percent of growth in the advertising market over the past twelve months, with Facebook coming it at 43 percent, while the rest of the industry contracted by 3 percent. 

It's not clear that consumers want online privacy standards to be weakened, either, according to recent surveys on the issue. The technology compliance company TRUSTe's 2016 Consumer Privacy Index showed that 43 percent of consumers were more worried about their data than the year before, following a 2015 survey from Freedman Consulting that showed that eighty percent of Americans were concerned about their online privacy. 

That's led a coalition of digital rights advocates, led by Sen. Ed Markey (D) of Mass. have lined up to oppose the blocking of the rule, arguing that it could open up users to invasions of privacy from their internet service providers.

"What would happen is that [providers] would be in a situation where nobody has any privacy authority over them," said John Simpson, privacy project director at Consumer Watchdog, a consumer advocacy group based in Santa Monica, Calif. "They could make decisions about whether you’re a credit risk, and you wouldn’t have any ability to dispute the conclusions that are available to you. There would be no check on their ability to go down that road."