The opportunity for the public to comment on the Federal Communications Commission’s (FCC) proposal to craft new privacy rules for Internet Service Providers (ISPs) closes on July 6. The Commission will then begin formulating new privacy rules that could — but will not as currently framed — advance consumers online privacy.
The FCC is presented with the unique opportunity of producing rules that recognize the expanding Internet of Things (IoT) — a world where a myriad of consumer and other devices will be connected to the Internet and/or each other with reams of personal data being generated and collected. But the FCC’s effort will fall short unless it remedies a fundamental omission with far-reaching implications for online users.
Failing to do so could produce rules resulting in unintended downstream consequences —confusing and conflicting, not complementary, consumer online privacy protections.
The proposal’s genesis is the FCC’s 2015 reclassification of ISPs as telecommunications services, falling under the same regulatory framework as the old phone system. This change generated more Commission oversight and a decision that it needed to apply privacy rules for the old phone network to Internet providers.
Here’s the fundamental mistake in the way the FCC has framed the proposal. Google, Facebook, Amazon and a myriad of other “edge providers” are not covered by the eventual privacy rules that will be drafted.
Their exclusion undermines the Commission’s laudable goals. There should be consistent, across the board rules for collecting and using consumer data regardless of the online company, platform, application or service being used.
Why is this so crucial? Because a narrow focus on just the ISPs is short sighted given the multiplicity of devices consumers use and will be using. It also doesn’t reflect reality and creates a piecemeal approach that will only create unnecessary confusion for consumers.
It’s likely that many consumers aren’t thinking about how they are specifically connecting to the Internet when they go online. They log on, go to a website and start roaming — from a particular business site then maybe to Facebook or Amazon or Snapchat via a mobile device and back and forth.
So where will consumers go if they have a privacy problem with their broadband ISP or Amazon, for example. The FCC’s coverage omission creates an unintended variation on “who’s on first?”
Here’s why. The FCC’s now expanded broadband ISP oversight has resulted in decreased privacy jurisdiction of the Federal Trade Commission (FTC) with regard specifically to ISPs. So there will be FCC privacy rules for some online entities, a different set of FTC privacy rules for other entities and potentially no or conflicting rules for other online platforms.
Consumers could end up ping ponging between and among the FCC and the FTC and who knows how many other agencies as they try to figure out which agency has jurisdiction for their privacy problem. Or worse even, the Commission’s expanded privacy scope coupled with the FTC’s decreased privacy scope could create a coverage gap —a consumer problem which neither can address.
To its credit, the FCC has said it has been, and will continue to be, collaborating with the FTC on privacy issues. But that alone, does not resolve the core issue of the too-limited scope of the its proposal, and ultimately, the privacy rules it promulgates.
Finally, the FCC’s narrow focus fails to reflect the real-world concerns consumers have and are expressing. They want more, not less, protection for their online information as confirmed in the Pew Research Center’s January 2016 report.
According to the survey, respondents said they want more control over their personal information; that they believe they’ve lost control over the amount of their personal information collected and used by companies; and that current U.S. laws do not sufficiently protect their online privacy.
Inconsistent and patchwork privacy rules will only compound consumers concerns and confusion. It is not unprecedented for a federal regulatory agency to revise or even reissue a proposed rule based on public comments. This is just such an instance and the FCC would advance its consumer privacy goals by doing so.