Pai Seeks Stay of Part of ISP Privacy Rules Before Taking Effect; Clyburn, McSweeny Protest

FCC Chairman Ajit Pai indicated he will act to guarantee parts of ISP privacy rules don’t take effect Thursday, over the potential protest of the agency's sole Democratic member and amid concerns from Democrats overseeing the agency. Pai and fellow Republican Mike O’Rielly were critics when the rules were approved under former Chairman Tom Wheeler in October, just before the presidential election (see 1610270036), and after the election, industry officials predicted Pai would scuttle the privacy order (see 1611090034).

“Chairman Pai believes that the best way to protect the online privacy of American consumers is through a comprehensive and uniform regulatory framework,” an FCC spokesman said in a Friday statement. “All actors in the online space should be subject to the same rules, and the federal government shouldn’t favor one set of companies over another. Therefore, he has advocated returning to a technology-neutral privacy framework for the online world and harmonizing the FCC’s privacy rules for broadband providers with the FTC’s standards for others in the digital economy.”

After Pai's announcement, the sole Democratic members of the FTC and FCC reacted unfavorably. Sen. Ed Markey, D-Mass., and House Commerce Committee ranking member Frank Pallone, D-N.J., attacked Pai's actions.

FCC Commissioner Mignon Clyburn and FTC Commissioner Terrell McSweeney slammed the move. "Chairman Pai has created an unfortunate dilemma: accept a Bureau-level action that indefinitely unwinds key consumer privacy protections established by the FCC last year, or accept four business days (rather than the usual three weeks) to evaluate and vote on a decision that has massive ramifications for the security of private information held by broadband providers,” Clyburn said in a statement. Pai "is using the very same tool as Chairman that he criticized as a Commissioner," she added, citing Pai's 2014 statement that "FCC decisions issued on the bureau level cut the commissioners out of the decision-making process entirely."

McSweeney said she's "very troubled" by Pai's actions. "The rules the FCC adopted conform to long standing FTC practice and provide clear rules on how broadband companies should protect their customers’ personal information. This action weakens the security requirement guarding every consumers’ most personal data and should be reconsidered." Pai "is determined to take action that leaves consumers without a cop on the beat protecting their personal information from misuse by their broadband service provider," Clyburn and McSweeney said in a joint statement.

The privacy order is “unfortunately” not consistent with the FTC standard, the FCC spokesman said. Pai is asking colleagues to vote on the stay by Thursday. It would cover a requirement that ISPs take "reasonable" security measures to protect their customers' Social Security numbers, web browser and other personal information. If commissioners don’t vote by Thursday, the Wireline Bureau will stay that part of the rule “pending a full Commission vote on the pending petitions for reconsideration consistent with past practice,” the spokesman said.

'Real Shame'

“This is a real shame,” said Laura Moy, deputy director of Georgetown University Law School's Center on Privacy & Technology. “Consumers have no choice but to share the private details of virtually everything they do online with their service provider, and they want that data to be subject to strong protections. This stay of the rules might be helpful for companies that don't want to spend the money to shore up their security, but it is unquestionably anti-consumer.”

The FCC chief is letting ISPS "ignore best data security practices," said Markey. "This could make subscribers' sensitive information -- including borrowing and banking practices, health care searches, geo-location, and other personal information that can be mined from online activity -- more vulnerable to breaches and unauthorized use. Chairman Pai wants to do the bidding of Big Broadband and undo the FCC’s Open Internet Order." The move "lands another blow to consumers on behalf of the Trump Administration," said Pallone. "The American people have been clear: they want more protections for their data, not fewer. We must ensure consumers’ private information is protected, no matter where they go on the internet or how they connect."

Public Knowledge Policy Fellow Dallas Harris also criticized the move. “There is no question that the FCC regulates ISPs, while the FTC regulates the edge,” Harris said. “Public Knowledge encourages Congress to enact strong privacy protections for consumers, but until that time, the FCC should continue to ensure that ISPs properly protect their consumers. This shouldn’t be a race to the bottom. If the chairman wants to protect consumers, then he would encourage ISPs to implement data security protections, not give them a free pass.”

No Surprise

The move wasn’t a surprise, said former FCC Commissioner Robert McDowell, now at Cooley. “Ajit and Mike have been consistent and clear in articulating their vision for a singular set of strong and flexible rules to protect consumer privacy,” McDowell told us. “They also have an ally and kindred spirit in acting FTC Chair Maureen Ohlhausen. Their actions should come as no surprise to anyone who has been observing."

“It could take the FCC months to resolve the petitions for reconsideration" of the rules absent a stay, said Berin Szoka, president of TechFreedom, in a news release. He asked if "the FCC even has authority to regulate broadband privacy? We already know what the answer will be: Pai and O'Rielly have been entirely consistent in their view that the [Julius] Genachowski FCC was wrong in reading Section 706 [of the Communications Act] as an independent grant of authority and the Wheeler FCC was wrong to apply Title II to broadband.” There will be no vacuum in protecting consumer privacy, just as there was none during the two years it took the Wheeler regime to develop and issue privacy issue rules after the 2015 net neutrality order, Szóka said.

“Insane, unfair rules that hammer ISPs and let Google and Facebook go wild,” tweeted Phil Kerpen, chairman of American Commitment, a free-market oriented interest group. “Move it all back to the FTC where it belongs.”

The stay “is a smart first step toward rolling back asymmetrical regulation that is at odds with consumers' privacy expectations, deters innovation and causes marketplace distortion,” emailed former Rep. Rick Boucher, D-Va, an Internet Innovation Alliance honorary chairman. “Applying different privacy rules to the same online data by saddling only ISPs with new regulations doesn't make sense.”

Pai and O’Rielly “believed the regulations unfairly disadvantaged" ISPs "vis-a-vis Internet sites like Google, Amazon, and Facebook,” emailed Randolph May, president of the Free State Foundation. “The new regulations, by shackling the ISPs with more stringent, more costly regulations than those imposed on the Internet giants, diminished consumer welfare by chilling competition in the advertising market and reducing the amount of information available to consumers. It’s just common sense that there should be a uniform privacy enforcement regime.”