FTC: Different Privacy Rules for ISPs ‘Not Optimal'

The Telecommunications Law Resource Center is the most comprehensive reference and news platform for communications law, covering broadcasting, cable, broadband, telephony and wireless;...

By Lydia Beyoud

May 27 — Regulating Internet service providers' data privacy practices differently than those of other online companies is not ideal and Congress should strengthen privacy protections across the board, the Federal Trade Commission said in a May 27 filing.

The FTC weighed in on the Federal Communications Commission's proposed privacy rules for broadband Internet access service (BIAS) providers, in comments filed at the latter agency.

“In providing its comments, FTC staff is mindful that the FCC’s proposed rules, if implemented, would impose a number of specific requirements on the provision of BIAS services that would not generally apply to other services that collect and use significant amounts of consumer data. This outcome is not optimal,” the FTC said.

In its filing, the agency generally backed the FCC's proposed rules for what ISPs such as Comcast Corp. or AT&T Inc. can do with their customers' data, but suggested tweaks that would bring the FCC's proposal more in line with the FTC's regulatory regime.

The FCC's proposal would impose requirements on ISPs to protect content, but not edge providers such as Facebook Inc. or Google Inc., the FTC noted in its filing. ISPs have argued such online companies collect as much or more data than they do.

The privacy rules are part of the FCC's 2015 Open Internet order that reclassified ISPs under the more stringent common carrier regulations of Title II of the Communications Act of 1934. The agency's reclassification removed ISPs from FTC regulatory authority, though the two agencies have publicly said they would work together to protect consumers.

Strengthening Sensitive Info Protections

The sensitivity of personal data and consumer expectations should guide whether Internet service providers would be required to obtain customers' opt-in or opt-out consent to use that data, the Federal Trade Commission's Consumer Protection Bureau staff told the Federal Communications Commission in the filing.

“FTC staff recommends that the FCC consider the FTC’s longstanding approach, which calls for the level of choice to be tied to the sensitivity of data and the highly personalized nature of consumers’ communications in determining the best way to protect consumers,” the enforcement agency said.

The FCC has said that the crux of its proposal focuses on giving consumers more control over how their Internet providers collect and use their data (2016 TLN 20, 4/1/16). The notice of proposed rulemaking would create a three-tiered approach for how consumer data is used by ISPs, also called BIAS providers by the FCC.

A requirement to obtain consumers' affirmative consent (opt-in) for how their data is shared with third parties would create a new, higher, hurdle for ISPs—a measure bitterly opposed by much of the industry but supported by privacy advocates.

The FTC staff said it supports the FCC's opt-in approach if the agency's regulations clarify that highly-sensitive information like Social Security numbers, health, financial, children's or precise geolocation data would receive greater protections from being shared by ISPs with groups, rather than just third parties or company affiliates that aren't recognizably branded as an associate of the ISP.

Without such protections, the FCC's approach wouldn't reflect consumers' different expectations and concerns for the sharing of sensitive and non-sensitive data, the FTC said.

Opt-in consent should also be required before sharing the content of consumer communications, including e-mails, social media posts, online comments, and online shopping cart items, the FTC said.

“If the FCC were to adopt FTC staff’s recommendation for opt-in consent before use of the content of consumer communications, BIAS providers would not be permitted to inspect the contents of such communications to determine whether they are sensitive,” the FTC said.

Ohlhausen Comments

In her own comments, Republican FTC Commissioner Maureen Ohlhausen supported the staff comments, noting the FTC's proposals “focuses on the sensitivity of consumer data and particular promises made about data collection and use, rather than on what type of entity collects or uses that data.”

She added that the any opt-in or opt-out default rules should take into consideration the costs and burdens created for both consumers and businesses to publish, read and make a decision on how data is used.

“Regulations should impose such costs in a way that maximizes the benefits while minimizing the costs. Therefore, opt-in or opt-out defaults should match typical consumer preferences, which means they impose the time and effort of making an active decision on those who value the choice most highly,” Ohlhausen said.

To contact the reporter on this story: Lydia Beyoud in Washington at lbeyoud@bna.com

To contact the editor responsible for this story: Keith Perine at kperine@bna.com

For More Information

Text of the FTC staff filing is at http://src.bna.com/fqq.

Text of Ohlhausen's filing is at http://src.bna.com/fqm.