As the Obama Administration carried out several midnight regulations in December, the FCC issued new rules that regulated how Internet Service Providers (ISPs), such as Verizon, Comcast, AT&T, T-mobile, and Time Warner, secure and protect “sensitive” or “private” customer data as they collect and share it with advertisers or other third parties.
This “sensitive” or “private” data includes mobile app usage, Internet browsing data, geolocation data, children’s information, financial data, health information, and communication content.
This does not include non-ISPs or “edge providers,” like social media services, e-commerce sites, and search engines, which do not have as much leeway with customer data as ISPs.
The FCC’s new rules would have:
- required ISPs to offer opt-in methods to gain customer’s affirmative consent before selling or sharing information,
- regulated how ISPs disclose to customers what information is collected,
- required that ISPs disclose how this information is shown,
- and it would require that ISPs disclose when there are data breaches.
In response to the midnight regulations, The House of Representatives passed the Midnight Rules Relief Act to amend the Congressional Review Act and the new head of the FCC, Ajit Pai, partially paused the new FCC regulations before they could take effect on March 2nd.
These pre-emptive moves facilitated the U.S. Senate and House passing S.J.Res 34 and the U.S. House of Representatives introducing H.J Res 86 as joint resolutions to nullify the new FCC regulations. These joint resolutions nullify all of these rules without allowing ISPs to fall back under the jurisdiction of the FTC. Joint resolutions, in this context, can be used to create exemptions to existing laws or to amend the constitution and would make it more difficult to pass similar regulations in the future.
Non-ISPs and “sensitive” and “private” customer data can be regulated by the FTC under Section 222 of the Communications Act of 1934, but ISPs often use Section 222’s common carrier exemption to avoid FTC jurisdiction. Therefore, the FCC jumped in and took over jurisdiction of regulating ISPs by regulating the Internet. This is also helpful to the FTC because it does not have the resources to handle ISPs handling of the Internet.
Typically, the FCC makes rules and regulations, while the FTC enforces regulations and investigates offenses.
As outlined by the Electronic Frontier Foundation, without data privacy protections, “sensitive” or “private” data can be sold to data marketers and data brokers, which can get into the hands of hackers. ISPs can also hijack searches, use targeted advertisements, pre-install software on your phone and record your activities, and inject tracking cookies in your HTTP traffic.
The advertisement and broadband industry are all too excited about gutting regulations and may even use these turn of events to have another shot at charging premiums for privacy.
In 2015 this was a $22.6 billion dollar industry and Is projected to be $33.5 billion dollar industry by 2017, according to statista.com.
Those who oppose deregulation argue that all data should be treated equally so that users have social, political, and economic empowerment. Without the privacy protections, people fear that users will be censored, profiled, discriminated against, and that their data will be vulnerable to cybercriminals. They also argue that broadband infrastructure and ISP revenues are up since the FCC’s Open Internet Orders on net neutrality rules were enacted.
Advocates of deregulation include ISPs and advertisers who want a “level playing field” with non-ISPs and argue that broad privacy regulations stunt innovation and economic growth. The Republican Party platform also condemns net neutrality as a plan “to turn over the Information Freedom Highway to Regulators,” as reported by The Week.