Last week, President Trump signed a congressional resolution to roll back the Federal Communication Commission’s (FCC) broadband privacy rules adopted in 2016. The response has been a loud outcry that privacy on the internet is dead. On the contrary, the vast majority of the internet is still under substantial regulation by the Federal Trade Commission (FTC).
The FCC’s privacy regulation was targeted specifically at “broadband providers,” or telecommunications carriers offering internet access to customers, but it had no effect on the sites and services operating across the internet, often referred to as “edge providers.” In crafting the regulation, the FCC found characteristics -- broadband customers cannot easily switch carriers and broadband companies can capture a broader range of data than providers of streaming video, search engines and e-commerce sites -- that make broadband providers unique from other entities operating in the internet ecosystem.
This now-repealed FCC regulation had no impact on all other entities operating on the internet. Social networking, search, and all elements of digital content have long been regulated very strictly by the FTC. The FCC’s broadband privacy rule had no impact on this regulation, so neither did the repeal of the FCC’s rule. They are independent privacy regimes. Companies under this ongoing FTC regime must ensure that their privacy and data security practices are neither unfair nor deceptive, and they must provide a high level of care for sensitive data, which has more onerous regulations, including opt-in for collection. This model highly enforceable, as evidenced by the more than 100 cases the FTC has brought over the last decade.
In fact, as SIIA highlighted in this white paper, the Fair Credit Reporting Act (FCRA) is one of the premier federal statutes regulating data that pertains to credit or eligibility, and it has stood the test of time in terms of its ability to be applied and enforced rigorously on companies operating across the internet. In our paper, we highlight how FTC enforcement and business compliance in recent years demonstrates how effectively the FCRA framework protects consumers from harm in the 21st century, including entities that use the most advanced technology, including online data aggregation, social media and mobile apps
We have to be clear: Privacy for customers of social media, search engines, streaming video, and websites is fully protected under existing FTC authority.
On top of that, there is a long history of self-regulation, established through industry codes of conduct and best practices, which are also enforceable when companies make commitments to adhere to these practices. The U.S. Department of Commerce has played a leading role in helping to spur such initiatives through their privacy multistakeholder initiative which has been ongoing for several years. This has yielded industry best practices and codes of conduct on issues from drones, to mobile apps and facial recognition.
David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPolicy.