Consumers are right to be concerned about and demand strong protection of their privacy rights. Advertisers have long understood this highly legitimate need. That is why in 2010 the ad community launched the Digital Advertising Alliance (DAA) self-regulatory program to give consumers broad power to determine whether their Internet and mobile activities would be collected and utilized for advertising purposes. The ad community also has strongly supported a broad array of legislation to protect consumer’s truly sensitive financial, health, children’s and other similar data.
Unfortunately, the recent Federal Communications Commission (FCC) broadband privacy rule diverged radically from all previous privacy practices in the U.S. by not regulating on the basis of the sensitivity of the data involved but only on the basis of who was collecting it (with very negative consequences for both consumers and business). The rule would have significantly impeded a broadband provider’s ability to deliver relevant advertising by labeling most Internet browsing and app use data as sensitive; this would have required opt-in consent, despite the fact that a vast amount of that data is not and could not be harmful to consumers. The FCC’s rule would have treated all ISP-aided searches for weather reports, sports scores, restaurant reviews, and myriad similar activities into supposedly highly sensitive activities.
The entity long designated to be primarily in charge of consumer privacy in the US – the Federal Trade Commission (FTC) – has indicated consistently, under Democratic and Republican leadership alike, that an opt-out approach is the preferred method of dealing with consumer privacy choice. It’s very fortunate that the rules did not go into effect. Consumers would have had to provide opt-in consent to nearly all forms of online advertising using data that originates from broadband providers. That would have meant that consumers would have been bombarded by opt-in consent requests, even on their mobile phones.
Congress used the Congressional Review Act (CRA) – a tool that enables lawmakers to reverse recent regulations – to repeal the FCC’s Broadband Privacy Rules. The repeal does not leave the broadband advertising space unregulated – far from it. The provision of broadband is a telecommunications service, subject to the FCC’s old telephone privacy rules. Two years ago when this original reclassification of broadband service occurred, many broadband providers revised their consumer privacy policies to better explain their data practices and, at a minimum, sought opt-out consent for the use of broadband data, depending on the data types at issue. The FCC can enforce privacy policies under the existing telephone CPNI rules.
Broadband providers already have committed to robust privacy standards and agreed to two sets of privacy principles, the Carrier Broadband Framework as well as the DAA self-regulatory program. In addition, buttressing broadband provider commitments to consumer privacy, Verizon, Comcast and AT&T all released statements last Friday clearly stating they have no plans to sell individualized consumer information in the future.
What’s Next? A truly level privacy playing field regulated by the FTC.
Many in Congress and industry would like to repeal the underlying Open Internet Order that reclassified broadband services for FCC regulation. FCC Chair Pai already released a statement supporting changing the reclassification. If this occurred, the FTC would once again regulate broadband privacy. Should FTC regulation be reinstituted, the broadband providers will once again be on an equal privacy footing with Internet edge providers and application service providers (e.g., Google, Facebook, Dropbox) that are also subject to FTC regulation. The FTC has strong privacy standards and a record of enforcement with teeth to protect consumers.
So, the sky is not falling with President Trump’s signing of the Congressional Joint Resolution repealing the FCC broadband privacy rule. There’s no great wave of additional targeting coming and there will be no great sell-off of consumer information. The FCC for now is the general cop on the broadband privacy beat. The FCC Chair and FTC Acting Chair have made clear that it is their firm intention to work together to put “the nation’s most experienced and expert privacy cop back on the beat,” and “to end the uncertainty and confusion that was created in 2015 when the FCC intruded in this space.” Sounds good to us, and it is clearly the best way to protect the legitimate needs of both consumers and business!