On May 27, opening comments flooded in to the FCC in response to proposed rules that would introduce new data privacy and security obligations for Internet Service Providers (ISPs). A majority of the comments expressed concerns about the Commission’s proposed regulations and the burdens and restrictions they might create for ISPs that had been previously left largely unregulated by Washington. Many commentators questioned whether the FCC possesses the authority to adopt regulations regarding broadband ISPs. More specifically, commenters argue that the Commission lacked the authority to classify broadband ISPs as Title II common carriers and note that litigation regarding this matter is still pending before the D.C. Circuit.
Commenters also argued that the rules are overly burdensome and intrusive. Compliance costs were a primary concern, with were identified as including: (1) legal and consultant costs associated with regulatory analysis, contract negotiation, risk management assessments, preparing new policies, forms, training and audits; (2) development and implementation costs associated with data security controls, website policies and customer approval tracking systems; (3) personnel costs associated with dedicated privacy and data security staff; and (4) opportunity costs associated with diverting scarce resources from innovation to regulatory compliance.
The majority of the commenters supported harmonizing rulemaking on private information under the Federal Trade Commission’s existing framework. Reiterating the concern that the FCC could preempt FTC jurisdiction, many filers complained that the FCC is seeking to impose a draconian model that would handicaps ISPs, rather than replicating the FTC’s successful practice of only engaging in enforcement actions against ISPs to pursue claims of unfair or deceptive practices or data breaches.
Congress is also paying close attention to the FCC’s proposed new role in regulating ISP privacy practices. Last month, Chairman Wheeler sent a response to nine Senators that had written in support of the FCC’s proposed rulemaking on broadband privacy. In his letter, the Chairman reiterated his commitment to consumer privacy, underscoring that the proposal creates transparency, choice and security by giving consumers the right to control what personal data their broadband ISPs may use and share. The Chairman stated that the Commission sought comment on alternative mechanisms for safeguarding consumer choice, as well as whether the Commission’s existing complaint resolution process is sufficient to address consumer complaints regarding the information covered by the proposed rules.
However, on June 1, Reps. Fred Upton (R-Mich.), Michael C. Burgess, M.D. (R-Texas), and Greg Walden (R-Ore.) sent a letter to Chairman Wheeler urging the FCC to reconsider its proposal to begin regulating ISP privacy. The authors’ concerns mostly mirrored the commenters, making note that the FCC has preempted the FTC’s long-standing role of protecting consumer rights and expectations with regards to Internet privacy. The letter expresses concern that the new rules will not serve the public interest, but rather create public confusion by subjecting data to multiple and varying privacy regimes within a consumer’s single internet experience. Ultimately, the authors conclude that a more consistent privacy experience for consumers should be developed and pointed again to the FTC’s successful enforcement-based regime as a prime example.
Reply comments on the proposed rule are due on June 27, 2016.