This year, lawmakers in California, New York, New Jersey and more than a dozen other states introduced bills to regulate broadband privacy by restricting providers' ability to draw on consumers' web-surfing data for ad purposes.
State legislators did so after President Donald Trump signed a repeal of federal privacy rules that would have required broadband providers to obtain subscribers' explicit consent before using their online browsing history for ad targeting. The decision to repeal the federal rules was unpopular; a survey by Huffington Post and YouGov reportedly showed that more than 70% of Republicans and Democrats wanted Trump to veto the repeal.
Still, it's not clear whether any of the state privacy laws will be enacted. Internet service providers, as well as the ad industry, oppose the state bills and have mounted a particularly vigorous campaign against California's proposed law, which is still pending.
Verizon apparently doesn't want to take any chances. This week, when the company submitted comments about net neutrality, it also asked the Federal Communications Commission to explicitly preempt state or local broadband regulations.
"Rules that stop at the state line -- including rules for important concerns such as privacy -- don’t work in today’s interconnected world where providers may be in one state, users in another, and the Internet content a user wants coming from a third, fourth, or fifth, and possibly traveling across the Internet backbone in multiple states," the company wrote. "With providers and users hopscotched across states – and around the world – state-by-state rules would be impossible to comply with. For that reason, the Commission should exercise its authority in this proceeding to preempt state and local regulation of broadband Internet access service."
FCC Commissioner Michael O'Rielly has already expressed support for Verizon's position. In May, O'Rielly told the American Legislative Exchange Council that states should be prohibited from regulating broadband privacy. "It is both impractical and very harmful for each state to enact differing and conflicting privacy burdens on broadband providers, many of which serve multiple states, if not the entire country," he said.
It's worth noting that Verizon was previously fined $1.35 million by the FCC for using "supercookies" to track mobile customers for ad-targeting purposes. That matter stemmed from revelations that Verizon was inserting unique tracking headers into all unencrypted traffic on the mobile network. Ad networks were able to use those headers to send targeted ads to mobile users -- even when they tried to avoid tracking by deleting their cookies.
The FCC's investigation in that case focused on whether Verizon violated the Communications Act's privacy provisions -- which require carriers to protect customers' "proprietary information" -- and whether the company violated a 2010 net neutrality rule requiring disclosure of broadband management practices.
The trade group USTelecom, which counts Verizon and AT&T as members, argued this week that state broadband privacy rules would be unconstitutional. "Because internet traffic is overwhelmingly interstate, any substantial regulation by states (such as imposing common-carrier-like economic requirements or state-specific privacy obligations) is likely to cause an undue burden on interstate commerce," the group wrote.
On the other side, the advocacy group Electronic Privacy Information Center says the FCC should craft new privacy rules that would apply to all online companies -- including search engines and social networks.
"Consumers should have one expert agency to rely on when it comes to issuing rules on internet privacy and addressing harms caused by internet privacy violations and that agency should be the FCC," EPIC writes to the FCC. "Consumers have made it clear that they care about their online privacy and want strong privacy rules in place."