FCC Expected to Move Quickly on ISP Privacy, Absent Action by Congress

Industry commenters made closing arguments on petitions for reconsideration of the FCC's October ISP privacy rules with replies due Thursday. Congress is considering a Congressional Review Act resolution opposing the rules (see 1703150032). Observers expect the FCC to move forward, absent quick action on Capitol Hill.

Divided commissioners earlier this month stayed the data security parts of the rules, as it considers the recon petitions. Chairman Ajit Pai and Commissioner Mike O’Rielly, who opposed the rules last year, supported the stay, but Commissioner Mignon Clyburn dissented (see 1703010069). As on the net neutrality rules, also a target of the FCC Republicans, the agency always has divided along party lines on privacy rules. It declined to comment Friday.

“The FCC has the ability to act more quickly than Congress,” said former Commissioner Robert McDowell, now at Cooley. “Waiting for a legislative solution carries with it the risk that bills can get stuck in congressional purgatory. Also, key members have given Ajit verbal clearance very publicly to march ahead with a rollback on privacy, and I think that's exactly what he’ll do.”

“Given that the stay order only addressed the rules set to take effect in March, I expect [Pai] will wait to see whether Congress acts,” predicted Fred Campbell, director of Tech Knowledge. “It’s possible that Congress will decide to move quickly on a resolution of disapproval. If not, Pai would still have time to act before the remaining rules go into effect, because time expires for the disapproval process in May.”

Pai has “made clear in no uncertain terms his belief that the law should create a level playing field on consumer privacy, and he's been more definitive on that issue than on other hot-button issues before the agency” such as net neutrality, said Daniel Lyons, associate professor at Boston College Law School. “My sense is that granting the reconsideration petitions, and resetting the rules in this area, is the interim play pending a more permanent congressional fix, which could involve clarifying FCC authority here, or repealing the FTC common-carrier exemption.”

Won't ‘Dawdle’

“I doubt if Chairman Pai will dawdle while waiting for Congress,” said Randolph May, president of the Free State Foundation. Others concurred.

“It's possible that Congress may act on the CRA" in weeks, May added. "Pai has been perfectly clear that he thinks the privacy rules are harmful and legally suspect. By getting the rule partially stayed, he's shown he's not going to sit by idly and let the rules take effect as is.”

Advocates of the rules acknowledged they don’t have much hope of no agency action.

“The FCC majority is in denial of the facts and driven by ideological blinders,” emailed Jeff Chester, executive director of Digital Democracy. “They are acting as lapdogs, subservient to the mega-giant phone and cable companies that are increasingly violating the privacy rights of their customers. Ultimately, a decision to overturn the new FCC privacy rules will come back to haunt them, as our EU trading partners are forced to suspend data flows to the U.S.” All but Pai “knows that the FTC approach to privacy is a joke” and the only real rules protect children, Chester said. “Under its watch, Americans have faced a dramatic loss of their privacy,” including “unprecedented” data breaches, he said. “Pai is a digital Nero. Fiddling with our consumer protections as Americans get ‘burned’ by the extraordinary Big Data apparatus now at the core of the ISP’s business model.”

“Nothing is preordained when it comes to broadband privacy, given the potential use of the Congressional Review Act,” said Dallas Harris, Public Knowledge policy fellow. “If Congress uses the CRA, the commission is prohibited from issuing a rule in a substantially similar form to the one that they have now. It's not clear whether the commission will be prohibited from acting due to the CRA, vote on the petitions for reconsideration, stay the rules piece by piece as they come into effect, or act on net neutrality and scrap the rules that way. The potential use of the CRA is creating a lot of uncertainty around exactly what privacy protections there will be for consumers, if any at all.”

Filings Posted

Replies in docket 16-106 mostly were posted Friday. All substantive filings supported the recon petitions.

Despite the record industry has built against the rules “and a commitment by ISPs to adhere to the privacy and data security principles that apply to the rest of the internet ecosystem,” the “opponents of reconsideration attempt to sustain the flawed Order by ignoring its significant substantive and procedural flaws,” CTA replied. “They cannot overcome the Order’s failure to justify its new, overbroad approach to sensitive data, nor can they vindicate the Commission’s failure to weigh the costs of such approach against any clear, concrete benefits.”

CTIA said no comments filed by supporters of the rules build a compelling case against its recon petition. “The Commission, in numerous instances, either failed even to consider relevant facts and arguments in the record, or relied on facts and legal authorities that clearly did not support the Rules, making the Report and Order unreasonable and ripe for reconsideration,” it wrote.

USTelecom, which also filed a recon petition, criticized supporters of the rules. “The Order saddles ISPs with uniquely expansive opt-in burdens when they seek to make productive use of online information, including information that has never before been considered ‘sensitive,’” USTelecom said. “Because other Internet companies are subject to the FTC’s more flexible regime, they confront no opt-in requirement when they serve sports-related ads to consumers who visit sports-related websites. But the Order subjects ISPs, and them alone, to an opt-in requirement for marketing-related uses of any web-browsing information, whether it involves sensitive subject matter or not. The Order thus impairs the ability of ISPs to compete with others in the digital advertising market space, an area where they are not market leaders.”

Groups representing advertisers said defenders of the rules never address FCC legal grounding for imposing rules. The groups also filed a recon petition. “Oppositions state that it is clear that the Commission has statutory authority to promulgate the Order, but do no more than restate the text of the Act in support of their opposition,” the filing said. “FCC’s reliance on [Communications Act] Section 222 to promulgate the Order was an arbitrary and capricious action.” The comments were signed by the Association of National Advertisers, American Association of Advertising Agencies, American Advertising Federation, Data & Marketing Association, Interactive Advertising Bureau and Network Advertising Initiative.

The Competitive Carriers Association said the rules are particularly burdensome to small carriers. They "were largely ignored in the related NPRM, and then, in the final Order, afforded very limited relief and defined too narrowly as providers serving 100,000 or fewer connections,” CCA commented. “Tellingly, none of the Oppositions address arguments raised by WISPA and other Petitioners regarding the disproportionate impact the rules adopted in the Privacy Order will have on small broadband providers,” the Wireless ISP Association noted.

NTCA urged the FCC to develop new rules that don’t discriminate against ISPs. “Fundamental infirmities of the new privacy rules are (a) the disparate treatment of broadband Internet access service (BIAS) providers and other broadband market participants and (b) the inaccurate factual analysis which conjectured that BIAS providers have a uniquely broader and deeper hold on user data than application and edge providers,” the group replied.