Wednesday, June 26, 2013

Old School Regulations Could Sidetrack Multi-Stakeholder Privacy Initiative


On the agenda for the FCC's June 27 open public meeting is a proposed Declaratory Ruling that wireless carriers that collect, or direct the collection of, customer proprietary network information (CPNI) on mobile devices must adhere to statutory and regulatory CPNI requirements in protecting that information.
It's too soon to comment on Declaratory Ruling, since it hasn't been voted on or released. But I did address the general matter of imposing CPNI regulations on wireless services in my Perspectives from FSF Scholars paper from July 2012, "The FCC's Mobile Data Inquiry: No New Privacy Regulation Needed." In that paper, I wrote:
The FCC's mobile data privacy inquiry may yield some interesting information. But new FCC regulations would be the wrong approach to address whatever mobile privacy concerns might exist in today's data and information-rich wireless market. The White House's comprehensive digital privacy initiative provides the better pathway for addressing data privacy policy across all broadband platforms.
It remains to be seen how the FCC's Declaratory Ruling might impact the ongoing, NTIA-facilitated multi-stakeholder efforts to develop a digital privacy framework that will ultimately lead to codes of conduct subject to FTC enforcement. That process should be given a chance to succeed, particularly since common enforcement offers a better and more consistent approach to consumer protection. As I concluded in my paper, "new FCC regulatory mandates on mobile data information use and collection must be avoided, particularly when the Administration's digital privacy initiative calls for the FCC's limited jurisdiction to finally be transferred to the FTC."