Agency Pact May Up FTC Telecom Privacy, Security Enforcement

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

The Federal Trade Commission may dive into privacy and data security enforcement against internet service providers such as AT&T Inc. and Comcast Corp. after the Federal Communications Commission rolls back its net neutrality rules.

The FCC is set to peel back its existing rules Dec. 14, likely on a party-line vote. The move would restore FTC jurisdiction, which was limited under a 2015 FCC order, over ISPs by no longer classifying such companies as common carriers.

The FCC action leaves the FTC primed to play a bigger role in policing ISPs privacy and data security practices, current and former FTC officials told Bloomberg Law.

The FTC “will absolutely continue our focus on vigorous data security enforcement,” agency spokesman Peter Kaplan told Bloomberg Law. The agency “will monitor the broadband market for violations of Section 5 of the FTC Act as well as any other law that we enforce,” he said. Section 5 is used by the FTC to pursue alleged privacy and data security violations.

The two agencies have already announced a draft memorandum of understanding (MOU) outlining how they will team up to provide oversight for internet service providers. The FTC may bring an ISP enforcement action sooner rather than later.

The FTC will likely move against a web service provider for alleged privacy violations or lax data security “to bolster the MOU,” Phyllis Marcus, a consumer protection partner at Hunton & Williams LLP in Washington and former chief of staff in the FTC’s Bureau of Consumer Protection, told Bloomberg Law.

The FTC is likely to police ISPs even though its two sitting members disagree about the FCC’s planned Dec. 14 move. Privacy and data security enforcement is usually backed by Republican and Democratic commissioners alike.

Acting Republican FTC Chairman Maureen Ohlhausen, who backs the FCC’s move, said in a Dec. 11 statement that the FTC “is committed to ensuring that Internet service providers live up to the promises they make to consumers.”

When public attention is focused on a particular facet of FTC enforcement authority—as the draft MOU does—the commission tends to take action in that area. For example, after the FTC was criticized for allegedly not following through on an agreement to police the EU-U.S. Privacy Shield cross-border data transfer program, the commission reached no-fault settlements with companies for allegedly telling consumers they were certified under the Privacy Shield, Marcus said.

Taken together, the MOU and the FCC’s Restoring Internet Freedom Order would allow the FTC and FCC to combine legal and technical resources to go after ISPs and telecoms that run afoul of privacy promises or have lax data security.

The FTC has the legal and technical experience already to handle ISP oversight, Kaplan said. But, “the MOU will change the nature of that sharing, since the FTC hasn’t had jurisdiction over ISPs for the past few years,” he said. The pact will allow the FTC and FCC to “broadly share legal and technical expertise, including sharing informal complaints,” he said.

FCC Chairman Ajit Pai (R) said in a Dec. 11 statement that the MOU is a “critical benefit for online consumers because it outlines the robust process by which the FCC and FTC will safeguard the public interest.” FCC spokespeople declined to comment further.

To contact the reporter on this story: Daniel R. Stoller in Washington at

To contact the editor responsible for this story: Donald Aplin at

For More Information

Text of the FTC, FCC draft memorandum is available at

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security