Last October, the Federal Communications Commission (FCC) reversed two decades of effective online privacy regulation when it finalized a new set of privacy rules. The rule was adopted by a 3-2 vote, with the two Republican commissioners dissenting strenuously.
Both sides of this debate want the same thing: effective privacy enforcement. When we go online, we inevitably transmit data about ourselves to website hosts and our internet service providers (ISPs). We all agree that websites (edge providers) and ISPs alike should honor their promises and that the federal government should step in where consumer expectations are upset.
ACT | The App Association believes that the FCC rules fail to meet these goals and actually pose a threat to consumers. We’re highlighting an industry coalition’s letter to Congress asking that both chambers vote to repeal the rules via a resolution of disapproval under the Congressional Review Act (CRA).[1] Not only does the FCC lack solid legal grounds for the rules, but there are several compelling policy reasons why the rules do more harm than good and should be repealed.
First, the rules effectively move ISP privacy regulation out of the Federal Trade Commission’s (FTC’s) jurisdiction. The FTC is an enforcement agency with the power to stop “unfair or deceptive” acts or practices in commerce. This gives the agency the flexibility to stop privacy practices where they diverge from consumer expectations, without freezing innovation by imposing onerous rules. Because their competition-driven innovations produce massive consumer benefits, app developers prefer this approach.
Second, the rules arbitrarily segregate the internet ecosystem because they only apply to ISPs. For example, the rules require ISPs to obtain affirmative consent before accepting certain types of information—such as web browsing data and app usage—from consumers. A website isn’t obligated to get your permission to collect your browsing data. Ultimately, these rules confuse consumers because they establish obstacles when ISPs collect data but not when edge providers do.
Third, the rules harm competition, which hurts consumers. Currently, ISPs and edge providers compete with each other for online advertising. Data collected from consumers helps hone and personalize advertising campaigns, which makes advertising more effective and more relevant for consumers. In turn, advertising funds vast portions of the internet, preventing many websites from needing to charge consumers directly. The rules disadvantage one class of competitor in the online ad market, which poses a direct threat to the competitive engine that funds the internet.
Fourth, the rules offer no evidence justifying stricter regulation of ISPs. The charge that ISPs see more traffic than other companies in the internet ecosystem is heavily disputed at best.[2]
Of course, the FCC still has a role in protecting privacy. The App Association has advocated that the FCC to adopt an FTC-like approach, but unfortunately the FCC took a different path. If Congress clears the slate on ISP privacy rules, the FTC, under the leadership of Chairwoman Maureen Ohlhausen, will again be empowered to take the reins and continue its solid work on internet privacy.
[1] See 5 U.S.C. § 802.
[2] http://www.iisp.gatech.edu/sites/default/files/images/online_privacy_and_isps.pdf