Consumer Electronics Daily was a Warren News publication.
FTC Re-Emergent?

FCC Stays Key ISP Privacy Rule Over Clyburn Dissent

March 2, 2017 by Howard Buskirk|Top News

The FCC approved 2-1 a stay of data security parts of ISP privacy rules, which otherwise would have taken effect Thursday. Chairman Ajit Pai asked the commissioners to vote by the end of Thursday on the stay, saying otherwise staff would act (see 1702240055). Democrat Mignon Clyburn already indicated she opposed the stay. She issued a sharply worded dissent.

Pai and acting FTC Chairman Maureen Ohlhausen released a joint statement saying the stay leaves the FTC in place as a privacy cop. Both agencies “are committed to protecting the online privacy of American consumers,” they said. “The best way to do that is through a comprehensive and consistent framework. After all, Americans care about the overall privacy of their information when they use the Internet, and they shouldn’t have to be lawyers or engineers to figure out if their information is protected differently depending on which part of the Internet holds it.”

The FCC was wrong in its 2015 net neutrality order “to strip the FTC of its authority over broadband providers’ privacy and data security practices, removing an effective cop from the beat,” the chairmen said. “The FTC has a long track record of protecting consumers’ privacy and security throughout the Internet ecosystem. It did not serve consumers’ interests to abandon this longstanding, bipartisan, successful approach.” ISPs and other internet players should be subject to the same privacy rules, they said. “Until that happens, however, we will work together on harmonizing the FCC’s privacy rules for broadband providers with the FTC’s standards for other companies in the digital economy.”

Some have complained the FCC is leaving consumers without protections, Pai and Ohlhausen said. “It is vital to fill the consumer protection gap created by the FCC in 2015, and today’s action is a step toward properly filling that gap. How that gap is filled matters. It does not serve consumers’ interests to create two distinct frameworks -- one for Internet service providers and one for all other online companies.”

Clyburn slammed the stay, accusing the FCC majority of chopping down a tree “to ostensibly prune a branch.” Her agency is effectively gutting its privacy rules, she said. “If the problem with the data security rule is, for example, the ability of the Commission to look to other Congressional mandates for guidance, then simply issue interpretive guidance that narrows the scope of the rule,” Clyburn said. “In another context, the majority allowed rules to go into effect with a letter of intent not to enforce until the rules were modified. So my question is why does the same approach not work here?”

Clyburn said to her the answer is a “painful” one: “Because with the new FCC, the ends justify the means. This Order is but a proxy for gutting the Commission’s duly adopted privacy rules -- and it does so with very little finesse.” The majority contends there's wide divergence between FTC and FCC rules, “when in actuality there is little daylight between the approaches taken by the two agencies,” Clyburn said. “The Order alleges significant harm to service providers, but cites absolutely nothing to prove it. In fact, the stay request does not even begin to estimate the costs associated with compliance.”

Republican FCC Commissioner Mike O'Rielly said he supported the stay. "I think the law and Commission precedent are quite straightforward: the FCC lacks authority to adopt data security rules for any type of provider," he said in a statement. "Data security is not mentioned anywhere in the Communications Act, and other statutes and legislative efforts that have addressed the topic do not afford the FCC any role.”

Today’s decision will maintain a status quo that has been in place for nearly two years with respect to ISPs and nearly a decade with respect to other telecommunications carriers," the FCC said in a news release. "The stay will remain in place until the Commission is able to act on pending petitions for reconsideration.”

After finally gaining basic privacy protections for broadband providers last year, it’s outrageous that Chairman Pai will now remove the simple rule that internet service providers must take reasonable data security measures to protect their customers’ information,” Public Knowledge said in a news release. “This is not a controversial requirement.” Consumers Union also blasted the stay.

The FCC has taken an important step towards restoring a consistent and uniform framework for addressing data security and privacy standards for all online providers,” said Karen Zacharia, Verizon chief privacy officer. "Verizon cares deeply about the security of our customers’ data and maintaining our customers’ trust is critical in each facet of our operations. From the outset of this proceeding, we stressed the importance of creating a consistent approach to privacy and data security that gives consumers the same information and choices about the use of their data, regardless of the type of company they interact with online.”

The FCC acted today to address aspects of the FCC’s privacy rules that went beyond the well-developed FTC framework and that created unnecessary consumer confusion,” said Joan Marsh, senior vice president-federal regulatory at AT&T. “A consistent and uniform framework that covers the entire Internet ecosystem, and is enforced by one government entity, is the most effective way to protect the privacy rights of consumers. That was the status quo before the FCC intervened and it is the right approach going forward.” CTIA and USTelecom welcomed the stay.