Broadband Security Rules Lifted By FCC

As expected, the Federal Communications Commission today lifted privacy rules that would have required broadband providers to take reasonable measures to keep consumers' personal information secure.

The particular regulations, which would have taken effect Thursday, were among a slate of new broadband privacy protections passed by the FCC last October under the leadership of former Chairman Tom Wheeler.

"The Commission’s stay will provide time for the FCC to work with the FTC to create a comprehensive and consistent framework for protecting Americans’ online privacy," the FCC said in a statement.

The FCC's Wireline Competition Bureau stated Wednesday that the data security regulation "would have subjected Internet service providers ... to a different standard than that applied to other companies in the Internet ecosystem by the Federal Trade Commission."

But not everyone agrees that the standards are significantly different. FCC Commissioner Mignon Clyburn, who dissented from the decision to stay the data-privacy portion of the privacy order, said the FCC and FTC take a similar approach.

"Both agencies require only reasonable data security measures, with caveats for the sensitivity of the data, size of the company and technical feasibility," she stated in her dissent.

FTC Commissioner Terrell McSweeny added in a statement issued late last week that the FCC's security rules "conform to long standing FTC practice."

The FCC's decision to put the brakes on the data-security rule is seen as the first step toward revoking other, more controversial broadband privacy rules, including ones prohibiting carriers from drawing on subscribers' Web surfing history or their app usage for ad targeting, without their express consent.

The ad industry, broadband providers and other critics of those ad-related rules, including Pai, argue they're inconsistent with looser standards recommended by the FTC.

That agency FTC endorses the collection and sharing of non-sensitive data on an opt-out basis. The FTC also suggests Web companies should obtain people's explicit consent before sharing "sensitive" data -- like health information, precise location data and the "content" of their communications, including social media posts and search queries -- with outside companies.

FCC Chairman Pai and FTC Chairwoman Maureen Ohlhausen Wednesday in a joint statement that they want to create a "technology-neutral privacy framework for the online world."

"Americans care about the overall privacy of their information when they use the Internet, and they shouldn’t have to be lawyers or engineers to figure out if their information is protected differently depending on which part of the Internet holds it," they stated.

But some privacy advocates say broadband providers should be subject to tough standards because their role as Web gatekeepers gives them access to a vast trove of information -- including not only all unencrypted Web activity, but also subscribers' people's usage patterns.

Sen. Ed Markey (D-Massachusetts) warned that the FCC's move "will make consumers’ information more vulnerable to breaches and unauthorized use."

Markey added: "This suspension is just a preview of coming attractions. Chairman Pai and Republicans in Congress want to roll back critical privacy protections and leave consumers with no defense against abusive invasions of their privacy by their broadband provider."

The ad trade group Data & Marketing Association, which opposes the broadband privacy rules, called the FCC's move "a good first step."

"We look forward to continued action on the part of Chairman Pai and the FCC to ensure that the modern digital economy can continue to create the innovative products consumers enjoy and rely upon without the burden of unnecessary regulations," DMA senior vice president Emmett O’Keefe said in a statement.

Next story loading loading..