FCC Privacy NPRM Expected To Get Vote as Early as Oct. 22 Open Meeting

FCC commissioners laid out their preliminary positions at the CTIA conference. FCC Commissioner Mike O’Rielly predicted confusion as FCC rules clash with those of the FTC. Commissioner Ajit Pai said ISPs could potentially face one set of regulations by the FCC, while edge providers are regulated in a different way by the FTC. But Commissioner Mignon Clyburn said the FCC has a responsibility to serve as a kind of cop on the beat to protect consumers.

Commissioners are only doing their job when they oversee privacy, said Matt Wood, Free Press policy director. “It’s neither shocking nor problematic that Congress might, in its wisdom, pass different laws or create different agencies to oversee the practices of different kinds of companies and services,” Wood said. “Privacy is important for everyone, and monetization of personal information without regard for privacy can be damaging no matter who’s collecting that information." That does not mean all companies should be subject to similar controls, Wood said: "Controlling the networks and everything that passes over them gives special power to the carriers.”

TechFreedom is looking closely at the issue, President Berin Szoka said. “There’s really no telling where the FCC will go,” he said. The FCC could use its privacy rules to regulate edge providers as well as carriers, he said. The FCC has some experience to draw on, since it has regulated the collection and use of customer proprietary network information (CPNI) for decades, but its experience “pales in comparison to the wealth of institutional knowledge and economic understanding at the FTC,” Szoka said. “More importantly, while the FTC has issued policy statements and otherwise tried to restrain its authority, the FCC has made a broad grasp for authority without any clear, defining limits.” Since the CPNI rules would likely be a “poor fit” for Internet services, the FCC appears to be “starting from scratch, not only crafting new rules but basing them on wholly new legal authority,” Szoka said.

Only late last year, in its TerraCom settlement on alleged Lifeline USF customer privacy violations (see 1507090035), did the FCC “reinterpret” Section 222(a) of the Communications Act as “an amorphous duty regarding privacy and data security, something roughly like, but even broader and murkier than, the FTC’s unfairness standard,” Szoka said. “The FCC has begun using Section 201(b) as a broader version of the FTC’s deception standard and may use it for something like unfairness, too. And under Section 706, the FCC has claimed it may regulate privacy and data security in any way that could reasonably be believed to promote broadband deployment, no matter how small or attenuated the connection.”

Having different regimes at the FCC and FTC to oversee the same conduct is a "bad outcome" for consumers, said Hal Singer of the Progressive Policy Institute. “There will be confusion over what’s acceptable conduct and where consumers can seek redress, with no uniformity in protections,” Singer said. “Some have suggested that the FCC’s reclassification of ISPs was in part a power grab away from the FTC, that is, to prevent the FTC from getting onto the ISP field by claiming the services are telecom and therefore out of FTC jurisdiction, while at same time claiming regulatory control for itself at the expense of a uniform set of consumer protections.”

The FCC will at least open a docket and “we can start to get a sense of the commission’s thinking,” but it might have made sense to start with a notice of inquiry, said Doug Brake, telecom policy analyst at the Information Technology and Innovation Foundation. Broadband network data is “fundamentally different from the CPNI that the commission is used to,” Brake said. It also seems like the FCC is interested in taking a deeper dive into privacy in general, he said. “It is not yet clear what all this information can be used for or even what the proper industry structure is to best preserve customer privacy while unlocking the value of this data,” he said. “A broad privacy rulemaking at the FCC would have important implications for other jurisdictions, both here and abroad. It makes sense to ensure basic expectations of privacy are protected, but the commission should proceed carefully. Better to get this one right than rush to rules.”

FTC enforcement tends to be driven by economic analysis and bipartisan consensus, but “the FCC is much more a ‘finger to the wind’ politically motivated agency,” said Richard Bennett, network architect and visiting scholar at the American Enterprise Institute. “FCC privacy rules for ISPs will be less stable and reliable than FTC standards. With advertising playing a role in broadband pricing, especially for the ultra-high-capacity broadband offerings from Google and AT&T, it becomes part of the long-term infrastructure investment formula. Allowing political agencies to control capital investment is a recipe for disaster.”

The NPRM speaks to the many “far reaching and unknown consequences” from the February net neutrality rules, said Mobile Future Executive Director Allison Remsen. “It appears that privacy will be the first Title II quagmire into which this FCC will step and likely marks the beginning of a multitude of rulemakings the FCC will be undertaking in shaping its vision of a Title II regime,” Remsen said. “Given the wide range of players in the mobile broadband marketplace who have access to consumer data, the FCC will have its work cut out for it to craft privacy rules that neither disrupt the great experience mobile broadband consumers currently enjoy nor distort the marketplace by picking winners and losers." Remsen said crafting a regulatory framework for broadband is a job better left to Congress "as we face a potentially long slog of regulation, litigation and uncertainty.”