FCC prepares to pull broadband privacy rules adopted last year

FCC Chairman Ajit Pai announced his intention today to block a privacy rule adopted by the Commission late last year. Citing its disharmony with existing FTC rules, Pai intends to prevent its coming into force as planned on March 2.

A statement from the FCC’s media relations office (not Pai himself, for some reason) said “All actors in the online space should be subject to the same rules, and the federal government shouldn’t favor one set of companies over another.”

There’s truth to that, but in this context it’s misleading — like Pai and Commissioner O’Rielly’s description of the “onerous” compliance rule yesterday that turned out not to be so onerous after all.

The privacy rules adopted by the FCC in October are specific to ISPs, and the most important one requires them “to obtain affirmative ‘opt-in’ consent from consumers to use and share sensitive information” — defined as location, children’s information, app usage history, and so on. But as Pai pointed out at the time, the FTC already has rules that protect many of these.

The issue, as Chairman at the time Tom Wheeler saw it, was that ISPs were in a unique position to suck up lots of data about consumers — a different position from, say, a company like Amazon or Apple. And the data practices of communications provider companies are something the FCC is meant to monitor and regulate.

Edge providers, on the other hand, aren’t really in its mandate. Yet strangely, in his dissenting argument, Pai wrote “nothing in these rules will stop edge providers from monetizing your data, whether it’s the websites you visit or the YouTube videos you watch or the emails you send or the search terms you enter on any of your devices.”

These rules catered to ISPs because ISPs, in the Commission’s majority opinion, had insufficient consumer protections. That edge providers, which the FCC does not have power over, are not affected was kind of the whole point.

Later in Pai’s dissent, he writes:

So if the FCC truly believes that these new rules are necessary to protect consumer privacy, then the government now must move forward to ensure uniform regulation of all companies in the Internet ecosystem at the new baseline the FCC has set.

That means the ball is now squarely in the FTC’s court. The FTC could return us to a level playing field by changing its sensitivity-based approach to privacy to mirror the FCC’s.  No congressional action would be needed in order for the FTC to establish regulatory consistency and prevent consumer confusion.

That’s good sense, and perhaps it would have come to pass — if Pai had not become Chairman and proposed that these very same rules he suggests as the baseline be prevented from coming into effect. I asked for more information on what exactly in the rules did not jibe with the FTC’s; “the data security restrictions,” according to an FCC representative, although that doesn’t narrow it down much, since much of the rule is dedicated to that topic.

So in October he suggested the FTC harmonize its rules with the FCC. Then today, he suggests the FCC harmonize its rules with the FTC. Who can harmonize anything when no one knows what rules are even going to take effect and the leadership is arbitrarily unmaking rules it passed months ago?

Update: FCC Commissioner Clyburn and FTC Commissioner Terrell McSweeny issued a joint statement denouncing the intended actions.

“The rules the FCC adopted conform to long standing FTC practice and provide clear rules on how broadband companies should protect their customers’ personal information.  This action weakens the security requirement guarding every consumers’ most personal data and should be reconsidered,” said McSweeny, rather discounting the idea that the FTC would applaud the move which ostensibly was to prevent trouble between the two Commissions.

Clyburn expressed her disapproval of the proposal and the manner in which it was made:

“Today Chairman Pai has created an unfortunate dilemma: accept a Bureau-level action that indefinitely unwinds key consumer privacy protections established by the FCC last year, or accept four business days (rather than the usual three weeks) to evaluate and vote on a decision that has massive ramifications for the security of private information held by broadband providers.”