FTC May Inherit FCC’s Abandoned Broadband Privacy Mission

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

A Senate Democrat is fighting back against the GOP’s recent decision to kill off broadband privacy rules with draft legislation to give the Federal Trade Commission privacy and data security oversight of internet service providers.

The Managing Your Data Against Telecom Abuses (MY DATA) Act, announced April 14 by Sen. Richard Blumenthal (D-Conn.), would give the FTC jurisdiction to regulate ISPs and the “authority to establish safeguards for privacy and data security across the Internet.”

The draft bill would address corporate concerns over having two different regulatory standards by giving the FTC oversight of both ISPs and internet companies, according to a statement from Blumenthal.

The draft would also grant the FTC rulemaking authority, Blumenthal said in a Facebook post. The FTC has limited independent rulemaking power and has been granted such authority by individual statutes on a case-by-case basis, such as with the Children’s Online Privacy Protection Act and the Do Not Call Act.

Blumenthal didn’t release the text of the proposed legislation, and there is no schedule for when the text would be released, or when a bill might be introduced, a Blumenthal spokeswoman said.

Republicans are likely to draft their own version of a bill on FTC regulatory authority but will need Democratic support to bring it to a vote and secure passage in the Senate. Blumenthal is a respected voice on consumer protection matters, even though a final bill is likely to be advanced by a Republican, D. Reed Freeman, a partner at Wilmer Cutler Pickering Hale and Dorr LLP in Washington and co-chair of the firm’s cybersecurity, privacy and communications practice, told Bloomberg BNA April 18.

There is Republican interest in ensuring the FTC has adequate ability to regulate ISPs before it gets that authority.

After Congress and President Donald Trump rescinded a Federal Communications Commission rule to require ISPs, such as Comcast Corp. and AT&T Inc., to get user consent before collecting and sharing their personal information, Republicans wrote to FCC Chairman Ajit Pai, urging his agency to oversee ISP regulation until changes to the FTC’s ability to oversee them could be made. The FCC rule was rescinded before it took effect.

Freeman told Bloomberg BNA that the FTC has been seeking jurisdiction and rulemaking authority over broadband service providers for some time. If Blumenthal’s draft, or another version, advances, it could clear the way for the FTC to hand out civil penalties in privacy and data security enforcement actions, he said.

Representatives for the FCC and FTC didn’t immediately respond to Bloomberg BNA’s email requests for comment.

FTC Approach Uncertain

As for the FCC rule, ISPs welcomed its death. They argued that it set higher privacy standards for them, under FCC regulation, than for FTC-regulated internet companies, such as Alphabet Inc.'s Google and Facebook Inc., that don’t require consumer permission before using their data. Moving their privacy and security regulation under the FTC would put them on a level playing field with internet companies, the ISPs said.

Freeman said an outcome beneficial to all parties will require compromise from federal regulators, Congress and ISP industries. But a recent U.S. District Court for the Northern District of New Jersey case highlights how complicated giving the FTC jurisdiction over ISP providers can be.

In that case, the FTC alleged that internet-connected TV maker Vizio collected consumer viewing data without their knowledge or consent. The parties Feb. 6 settled the claims for $2.2 million.

The case may show how the FTC would handle ISP oversight, because consumer internet data can be as equally sensitive as TV viewing data, Freeman said. If granted oversight and rulemaking authority over ISPs, the FTC could “write a trade regulation rule on privacy and data security that has an opt-in requirement,” he said.

States Stepping Up

If Congress can’t find enough agreement to pass a law on FTC regulatory authority, states may step up to fill the void with their own laws codifying broadband privacy rules, Bloomberg Intelligence Litigation Analyst Matthew Schettenhelm said.

Wisconsin and Minnesota have already enacted ISP privacy laws that require permission before disclosing subscriber information about web browsing history.

To contact the reporter on this story: Daniel R. Stoller in Washington at dStoller@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security