Late last week, Federal Communications Commission Chairman Ajit Pai raised eyebrows among privacy advocates by moving to lift a rule that requires broadband providers to take reasonable measures to keep consumers' information secure.
That particular rule, slated to take effect March 2, was one of a host of sweeping privacy protections passed by the FCC last October under the leadership of former Chairman Tom Wheeler. The data-security rule in itself wasn't especially controversial, and was seen as aligned with longstanding principles of a different agency -- the Federal Trade Commission.
The move drew a quick rebuke from some privacy experts -- including policymakers like Sen. Ed Markey (D-Massachusetts) FCC Commissioner Mignon Clyburn, and FTC Commissioner like Terrell McSweeny."The @FCC data security rule is consistent w @FTC's data security cases -- halting this rule weakens consumer protection for private data," McSweeny tweeted over the weekend.
She added in a statement that Pai's action "weakens the security requirement guarding every consumers’ most personal data and should be reconsidered."
"With this suspension of privacy rules, Chairman Pai is allowing Internet Service Providers to ignore best data security practices," Markey said in a statement issued late Friday. "This could make subscribers sensitive information -- including borrowing and banking practices, health care searches, geo-location, and other personal information that can be mined from online activity -- more vulnerable to breaches and unauthorized use."
Beyond the potential security consequences, Pai's move is seen as the first step toward rolling back other, more sweeping privacy regulations that could limit Internet service providers' ability to use behavioral targeting techniques.
Those ad-related regulations -- by far, the most hotly debated portion of the privacy order -- prohibit ISPs from drawing on subscribers' Web surfing history or their app usage for ad targeting, without their express consent.
The ad industry, broadband providers and other critics of those rules, including Pai, argue that they are inconsistent with looser standards put out by the FTC. Five years ago, the FTC recommended that Web companies should obtain people's explicit consent before sharing "sensitive" data -- like health information and precise location data -- with outside companies. The FTC also recommended that Web companies allow people to opt out of the collection and sharing of non-sensitive data.
More recently, the FTC appeared to broaden its definition of "sensitive data" to also include information such as TV shows watched, movies viewed, titles of books read, email messages and search queries.
Privacy advocates argue that the FCC's relatively tougher standards for broadband providers are justified, given that they have access to all unencrypted Web activity. But the telecom and ad industry argue that all online companies should be able to use most types of Web-surfing data on an opt-out basis.
Some Republicans, including Sen. Jeff Flake (Arizona), have made clear they agree with the broadband and ad industries on that point. Flake has vowed to introduce a bill to rescind the FCC's privacy rules under the Congressional Review Act -- a 1996 law that allows federal lawmakers to overturn recent agency decisions. If Congress does so, the FCC won't be allowed to replace them with new privacy regulations.
This morning, Markey joined with a coalition of advocacy groups to condemn that possibility.
He said that even though Republicans control Congress, they may not be able "to push this through."
"There are privacy advocates who are Republicans," he told reporters this morning, adding that some libertarian groups also have supported privacy rules.
"We will rally millions of Americans to this cause," Markey said. "At the end of the day, the American people are going to want their privacy protected."