Friday, May 04, 2018

Thinking Things Through – Maintain Privacy Protections in Place

Several weeks ago I started a series of blogs I called “Thinking Things Through.” The idea was –and remains – to focus on aspects of the ongoing net neutrality controversy that I consider fundamental, even foundational.
So, in the first, “Thinking Things Through – Maintain That Line,” I contended, and I hope explained, why it is important to keep Digital Age Internet services from being regulated in a public utility-like fashion like telephone services were regulated throughout most of the twentieth century. 
In the second, “Thinking Things Through – Maintain That National Policy Line,” I contended that it is important that digital broadband services not be subject to a patchwork of state regulation inconsistent with the decades-old national policy favoring light touch regulation of information services. In other words, this second foundational proposition is essential to support the first.
And the third, “Thinking Things Through – Maintain a Stable Legal Framework,” asserted that, if businesses are to grow and prosper, and to invest and innovate, they need a stable legal framework which provides clear, predictable rules. In other words, without a stable legal framework that establishes “the rules of the road,” markets cannot operate effectively and efficiently, if at all.
So, to recap, the first three blogs contended that broadband Internet access services should not be subject to a public utility-style regulation like narrowband telephone services; that they should be subject to a national policy of light-touch regulation; and that they should operate within a stable legal framework.
As most readers know, some Members of Congress are advocating adoption of a Congressional Review Act (CRA) resolution to overturn the FCC’s December 2015 Restoring Internet Freedom Order, with a “Day of Action” planned by CRA supporters for May 9. That surely is their prerogative. Indeed, as a general proposition, and consistent with Congress’s proper role in our tripartite constitutional system with its separation of powers, I am not opposed to use of the Congressional Review Act.
Based on the foregoing, I am, of course, opposed to use of the CRA to overturn the Restoring Internet Freedom Order because the effect of such action would be to reimpose a regulatory regime at odds with the foundational principles I already have articulated.
But there would be another significant adverse effect – which heretofore has received little notice. Just at the same time that – courtesy of the Facebook controversy and other high-profile data breaches – there is significant interest in ensuring that there are sufficient privacy safeguards in place to protect consumers, the effect of adoption of the “net neutrality” CRA would be to leave consumers with less privacy protection than they now have.
Here’s why.
By reclassifying ISPs as Title II telecommunications service (common carrier) providers, the 2015 Open Internet Order (“Title II Order”) had the deleterious effect of eliminating the Federal Trade Commission’s jurisdiction over broadband ISP privacy practices. After the reclassification, in October 2016, the FCC adopted stringent privacy restrictions on ISPs, including opt-in requirements, which were not applicable to non-ISPs like web giants Google and Facebook, entities that collect far more personal data over the Internet than ISPs. Under the FTC’s privacy regime, these non-ISPs remained subject to considerably less stringent privacy protections than those applicable to ISPs.
In light of the resulting asymmetric and confusing privacy regulatory approach created by the FCC October 2016 action, Congress passed a Congressional Review Act resolution, signed by President Trump in April 2017, overturning the FCC’s October 2016 privacy regulation. Under the Congressional Review Act, the FCC is precluded from adopting a new privacy regulation applicable to ISPs that is “substantially the same” as the one overturned. Unsurprisingly, a primary argument against adoption of the privacy CRA, by many of those same persons now supporting the “net neutrality” CRA, was that its adoption would leave consumers unprotected. 
By again classifying Internet service providers as information service providers rather than telecommunications carriers, the FCC’s Restoring Internet Freedom Order had the salutary effect of restoring the FTC’s jurisdiction to regulate the privacy practices of both the edge providers like Facebook and Google and the ISPs – and to impose sanctions against both when appropriate. In other words, at present, there is a symmetrical privacy regulatory regime in place, with FTC enforcement authority, that protects consumers of both the edge providers and ISPs against privacy abuses. But if Congress were to adopt the “net neutrality” CRA, the FTC’s symmetrical privacy regulatory regime would be eliminated. Consumers would be left with less privacy protection.
It may well be, in light of the “Facebook hearings” and other considerations, that the current Congress will decide legislation is needed to clarify and/or strengthen existing privacy protections.  But, in the meantime, there ought to be little doubt that the privacy protections in place now should be maintained and enforced by the FTC.
That’s just one reason – but a very good one – why Congress should not adopt the “net neutrality” CRA overturning the Restoring Internet Freedom Order. If Members of Congress want to protect consumers, their time will be much better spent considering whether new privacy legislation is needed, rather than reducing the protection that currently exists.