Wednesday, April 19, 2017

Maryland’s Broadband Privacy Bill Was a Solution in Search of Problem

On April 4, 2017, the Maryland State Senate allowed for the late introduction of the Internet Consumer Privacy Rights Act of 2017. The bill was introduced just days before the legislative session ended, purportedly as a response to President Trump signing the repeal of the Federal Communications Commission’s (FCC) unnecessary and overly burdensome Broadband Privacy Order. The Maryland bill showed that Maryland policymakers misunderstand how Internet service providers (ISPs) and edge providers, like Google and Facebook, use the advertising business model to offer innovative and consumer-friendly services.
Fortunately, the bill went nowhere during the legislative session. Nevertheless, because it was introduced, it’s worth examining why the effort was misguided.
Consumers expect consistent, common sense rules throughout the entire Internet ecosystem. Had the FCC’s broadband privacy regulations gone into effect, there would have been asymmetric privacy regulations between ISPs and edge providers, like Google. The FCC’s Broadband Privacy Order would have enabled Google and Facebook, which currently dominate over 60% of the online advertising market, to capture an even larger share of the market by creating additional privacy regulations for only ISPs. One Maryland Senator called the repeal of the Broadband Privacy Order an “emergency.” But the status quo regarding broadband privacy did not change with the repeal because the FCC’s rules never actually went into effect. And given that ISPs only have access to 30% of consumer data, it was not an emergency before the FCC adopted the Broadband Privacy Order, and it is not an emergency now that Congress and President Trump have repealed those unnecessary regulations.
The Maryland bill would have banned ISPs in Maryland from displaying “certain advertisements to a consumer” and refusing “to provide services to a consumer because the consumer refuses to take a certain action.” In an August 2016 Perspective from FSF Scholars entitled “FCC Privacy Rules Would Harm Consumers by Creating Barriers for ISP Advertising,” I explained how ISPs and edge providers use the advertising business model as a means of offering, without charge, innovative services to consumers.
ISPs cannot offer free data and sponsored data services and businesses often cannot offer public WiFi without ISPs collecting consumer data. The advertising revenue that ISPs generate from these services is the incentive they have to offer free services and content. Maryland’s bill would have banned ISPs from refusing to offer services and content to consumers who choose not to share their consumer information, which, literally, is the business model that enables consumers to enjoy free services. Had the Maryland legislation been adopted, ISPs may well have stopped offering free data services and businesses might well have stopped offering public WiFi to any consumers in Maryland, because the law would have heavily restricted ISPs from delivering targeted advertising.
Many practical questions would have arisen about the enforcement of these rules because the Internet economy does not end at state borders. What makes the relationship between a consumer and an ISP a Maryland or state-level issue? If a person has a home address in Maryland but accesses the Internet elsewhere, do the rules apply to that individual? If a Maryland resident travels to Virginia or Pennsylvania and uses his or her mobile device, do the rules no longer apply? If ISPs refused to offer innovative services to Maryland consumers because of these burdensome regulations, this may have pushed residents and businesses into neighboring states where they could connect to free data services and offer public WiFi with tailored advertising.
In a March 2017 Perspectives from FSF Scholars entitled “The Right Way to Protect Privacy Throughout the Internet Ecosystem,” Daniel Lyons, a member of FSF’s Board of Academic Advisors, discussed how, in the short term, the FCC should enact privacy rules that mirror existing Federal Trade Commission (FTC) practices, adjudicating privacy matters on a case-by-case basis. And in the long run, he says that repealing the Title II common carrier classification in the FCC’s Open Internet Order would “return privacy jurisdiction back to the FTC, where it belongs.”
Thankfully, the Maryland privacy bill died a quick death. That’s the right result for Maryland residents and businesses who value the availability of innovative Internet services, along with information they want without charge.