• by Wendy Davis , Staff Writer, July 13, 2017

A proposed privacy law in California is meeting with strident opposition by AT&T, as well as a host of business and ad groups.

The measure, introduced last month by State Assemblyman Ed Chau, would restore the Federal Communications Commission's broadband privacy rules, which were invalidated by Congress earlier this year. Chau's measure would require broadband providers to obtain people's explicit consent before drawing on their online browsing history for behavioral advertising. The bill would also prohibit internet service providers from using "pay-for-privacy" billing schemes, which involve charging customers higher fees to avoid targeted ads.

The privacy law is also unnecessary, according to the company, because it has already agreed to honor "legally enforceable privacy principles that are consistent with the privacy framework developed by the FTC."

It's worth noting that AT&Ts use of the phrase "legally enforceable" is questionable at best, given that the FTC currently appears to lack authority to prosecute AT&T for failing to honor its privacy promises.

AT&T and other opponents of the law are raising many of the same arguments that they made against the FCC's now-scrapped privacy rules. The critics argue that the proposed law unfairly subjects broadband carriers to tougher privacy standards than Google, Facebook or other online companies. Those other companies typically allow consumers to opt out of receiving targeted ads, but only require opt-in consent before serving ads based on a narrow category of "sensitive" data -- like financial account numbers, or health information.

Privacy advocates counter that broadband providers should be subject to tough privacy standards, arguing that Internet service providers have access to all unencrypted sites visited by subscribers, and are therefore uniquely able to capture comprehensive consumer data.

AT&T says in its letter to California lawmakers that the imposition of "onerous" opt-in requirements on broadband providers -- but not on other web companies -- "would give consumers a false sense of security that their online privacy is being protected."

The company also argues that privacy laws should depend on the "sensitivity" of the data. AT&T's clear implication is that companies shouldn't be required to get opt-in consent before drawing on "non-sensitive" web-browsing data for ad targeting.

Despite taking that stance in California, AT&T is on record supporting a proposed privacy bill introduced by Rep. Marsha Blackburn (R-Tennessee), which would require all companies -- broadband providers as well as search engines, social networking services and others -- to obtain people's opt-in consent before serving them ads based on their web-browsing histories.

Why is the company advocating for federal restrictions on data use, but opposing the California bill? One reason could be that Blackburn's bill (unlike the California proposal) doesn't ban pay-for-privacy schemes -- which AT&T pioneered and would like to reinstate.

AT&T isn't the only one opposing the California law. Business and ad groups, including the California Chamber of Commerce, Association of National Advertisers and Data & Marketing Association, are also lobbying against the measure.

"This bill creates onerous state-specifid internet regulations that will harm California's consumers, businesses, and innovation ecosystem," those groups argue in a letter to state lawmakers. "This legislation is the antithesis of the forward-looking policies that have allowed California to be the world leader in business and technology for the past 20 years."

The state's Business, Professions and Economic Development committee is slated to hold a hearing on the bill on Monday. Two other committees -- Judiciary; and Energy, Utilities and Communications -- are slated to hold hearings later in the week. The measure must clear all three committees next week to have any chance of passage this year.