top of page

The Need for Uniform Broadband Privacy Rules for Consumer Data

Updated: Oct 13, 2020


On January 23, Commissioner Ajit Pai was named as the new Chairman of the FCC. Because the new Chairman has been a Commissioner at the FCC during its most recent decisions surrounding net neutrality and broadband privacy, it is no secret that he agrees with critics of the FCC broadband privacy rules (see his dissent on the FCC’s rules here: https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-148A5.pdf). In brief, Pai has argued that the FCC’s broadband privacy rules should parallel the FTC’s privacy framework as closely as possible. Pai has also questioned the FCC’s authority and expertise to regulate privacy and warned of confusion and harmful consequences that would flow from inconsistent privacy protections for ISPs and edge providers like Google and Facebook. As Pai wrote in his dissent, “[R]ules that apply very different regulatory regimes based on the identity of the online actor … make[] no sense.” One of the issues that we have come across as we discuss privacy rules has been the general sense of confusion in this area by the public at large. We have indicated the following issues for consideration as important to any FCC rulemaking proceeding on the issue of online privacy.

There must be both clarity and predictability in the privacy rules governing the use and sharing of consumer data. First, the current FCC rule apply only to ISPs and do not apply to some of the biggest data collectors out there, such as Google and Netflix. Second, these rules differ from the FTC’s privacy rules in some key respects, such as applying different notice and consent obligations on ISPs than apply to edge providers and other online data collectors. The result will be consumer confusion as to what data is protected and how it is used and shared. A consumer who reviews an ISP’s privacy policy would be justified in believing that such policy will apply to all of that consumer’s online activity without realizing that as soon as they leave the ISP’s portal to, for example, perform a Google or Facebook search, those protections no longer apply. It is difficult enough currently for consumers to take charge and educate themselves about their online privacy settings, rights, and choices without now adding the new additional requirement that they understand complex and often conflicting policies depending on what site they visit or the identity of the entity collecting their online data. Ensuring clear and uniform privacy rules that apply equally to all companies in the Internet ecosystem and ensuring that consumers continue to have the same privacy protections regardless of what site they choose to visit or who is collecting their online data should be a non-negotiable component of any sensible privacy approach pursued by the FCC.

We recognize that the FTC no longer has jurisdiction over ISPs’ privacy practices given the FCC’s classification of ISPs as common carriers in its net neutrality decision. However, ideally the FTC should be empowered to continue to regulate ISPs in the same manner as other online data collectors -- either by reclassifying ISPs as information service providers, or by Congress making clear that the FTC has sole jurisdiction to apply consistent, technology-neutral regulations to the privacy practices of all online entities including ISPs. At the very least, we encourage the FCC to revise its broadband privacy rules so they are truly consistent with the FTC’s time-tested and successful privacy framework that protects data for all consumers and treats all companies equally, thereby avoiding consumer confusion.


115 views0 comments
bottom of page