As it was foretold, so it has come to pass: The Federal Communications Commission, under the direction of its new Chairman Ajit Pai, has taken action to block a portion of its own new privacy rule for internet service providers.
The stay is no surprise; Pai’s office announced last week that it was coming.
The stay specifically applies to the data security part of the rule, which the Commission voted to adopt in Oct. 2016.
The piece of the rule now on hold has to do with how your ISP has to protect your data, and how and when it has to disclose to you if it’s hacked, breached, stolen, or otherwise illicitly accessed.
Pai asked the Commission — consisting of himself, fellow Republican Michael O’Rielly, and Democrat Mignon Clyburn — to hold an emergency vote this week to enact the stay, before the rule goes into effect tomorrow, March 2. However, he said if the FCC didn’t have a vote, then he’d order the relevant bureau within the FCC to simply issue the stay instead, which it now appears to have done.
In a statement to press, the FCC says the action “ensures consumers have uniform online privacy protections” with those the Federal Trade Commission enforces on “edge providers” referring to internet-based companies like Google, Facebook, and Amazon.
“The Commission’s stay will provide time for the FCC to work with the FTC to create a comprehensive and consistent framework for protecting Americans’ online privacy,” the statement reads. “The FTC had proven to be an effective cop on the beat for safeguarding digital privacy. But in 2015, the FCC stripped the FTC of its authority over ISPs’ privacy and data security practices when it adopted the Title II Order. Today’s stay will also ensure that ISPs and other telecommunications carriers do not incur substantial and unnecessary compliance costs while the Commission considers modifications to the rule.”
However, as critical commissioners from both the FTC and the FCC recently noted, there are two problems with that line of thought.
One: The had already given its on-the-record approval of the FCC’s new rule. Two: The FTC literally can’t enforce privacy standards for ISPs so long as those companies are defined as Title II common carriers under the law — which, thanks to our old friend net neutrality, they are.
When the FCC voted last year to adopt the rule, then-FTC chair Edith Ramirez voiced her support for it, saying that the FCC’s rule “will provide robust privacy protections, including protecting sensitive information such as consumers’ social security numbers, precise geolocation data, and content of communications, and requiring reasonable data security practices.”
Last week, FTC Commissioner Terrell McSweeny, in a joint statement with the FCC’s Clyburn, said she was “very troubled by the news that the data security protections of the Broadband Privacy Rule will be put on hold,” adding, “removing security requirements from broadband providers is needlessly dangerous for American consumers. The rules the FCC adopted conform to long standing FTC practice and provide clear rules on how broadband companies should protect their customers’ personal information.”
However, McSweeny’s boss appears to feel as differently about the situation as Clyburn’s does. Acting FTC Chair Maureen Ohlhausen — who had until now remained mum on the topic — today applauded the stay in a joint statement with Pai.
“The Federal Communications Commission and the Federal Trade Commission are committed to protecting the online privacy of American consumers,” said Pai and Ohlhausen. “We believe that the best way to do that is through a comprehensive and consistent framework. After all, Americans… shouldn’t have to be lawyers or engineers to figure out if their information is protected differently depending on which part of the Internet holds it.”
So far, so good, but then the two clearly paint a target on net neutrality itself: “That’s why we disagreed with the FCC’s unilateral decision in 2015 to strip the FTC of its authority over broadband providers’ privacy and data security practices, removing an effective cop from the beat,” continues the joint statement. “The FTC has a long track record of protecting consumers’ privacy and security throughout the Internet ecosystem. It did not serve consumers’ interests to abandon this longstanding, bipartisan, successful approach.”
“We still believe that jurisdiction over broadband providers’ privacy and data security practices should be returned to the FTC, the nation’s expert agency with respect to these important subjects. All actors in the online space should be subject to the same rules, enforced by the same agency.”
In order to make that happen, however, the Open Internet Rule of 2015 would have to go away, which is exactly what the telecom lobby hopes will happen by challenging the ISP privacy rule.
The stay on the rule will be in effect until “the Commission is able to act on pending petitions for reconsideration.”
Those petitions, as we’ve explained, want the FCC to completely do away with the ISP privacy rule altogether… and ideally, for the industry, net neutrality along with it.
by Kate Cox via Consumerist