Last October, the FCC adopted a rule that limits what your internet service provider — home or mobile — can do with your private data. At the time, the rule was contentious, with two FCC commissioners dissenting volubly. One of those two commissioners, Ajit Pai, is now FCC Chairman, and he’s announced his plan to stop the privacy rule from taking effect because he thinks it’s not fair to pick on the Comcasts and Charters of the world.
The rule basically splits up data into two big buckets: opt-in and opt-out.
Any data deemed “sensitive,” like your geographic location, web browsing history, app usage history, and the content of your communications, is in the opt-in bucket. That doesn’t mean that an ISP can’t sell, trade, or use it, but it does mean that it has to get your explicit permission to do so first.
Anything that isn’t on the specific list of opt-in data is opt-out data: Your ISP can use it as it wishes, but has to have a mechanism available where you can choose not to have it sold or traded for advertising purposes.
Under the rule, anonymized, aggregated data can still be used and shared outside of either the opt-in or opt-out schemes — and pay-for-privacy deals, like the one AT&T tried with its gigabit customers for several months, are still totally fine.
Despite the rule creating a great deal of room for ISPs to continue benefitting financially from your data, however, the large providers have always hated the rule. Since the new administration took charge on Jan. 20, ISPs and their trade groups have lobbied Congress to reverse the rule through use of the Congressional Review Act, and have also petitioned the FCC directly to open a new procedure for reconsidering it.
The new leadership at the Commission is clearly sympathetic to this position, and is calling on the FCC to vote on effecting a stay on a specific section of the rule — relating to data security and data breach notification — by March 2.
An FCC spokesperson tells Consumerist that Pai “believes that the best way to protect the online privacy of American consumers is through a comprehensive and uniform regulatory framework. All actors in the online space should be subject to the same rules, and the federal government shouldn’t favor one set of companies over another.”
That’s a reference to ISPs perennial complaint that it’s unfair for the FCC to regulate them while major “edge providers” — internet companies like Facebook, Amazon, and Google — are regulated by the FTC, instead.
Pai and fellow commissioner Michael O’Rielly have long rallied around this cry. When the FCC adopted the privacy rule last year, Pai appealed to the FTC’s “technology-neutral framework for online privacy,” saying it applies to everyone: “It did not matter whether an edge provider or internet service provider obtained your data.”
However, the law actually splits oversight authority between the two agencies. The FTC cannot enforce its rules and guidelines over businesses considered common carriers under Title II of the Communications Act — which, thanks to net neutrality, now includes broadband providers.
We saw that in action when a court threw out an FTC action against AT&T last year. (That court ruling created a huge enforcement gap, the FTC argues, and it’s petitioning the court to re-hear its case.)
Pai, though, continues to advocate “returning to a technology-neutral privacy framework for the online world and harmonizing the FCC’s privacy rules for broadband providers with the FTC’s standards for others in the digital economy,” the spokesperson says, adding that “unfortunately,” the privacy rule slated to go into effect on March 2 is “not consistent with the FTC’s privacy standards.”
To that end, Pai will act on a request to stay the data security part of the rule before March 2. If commissioners Michael O’Rielly and Mignon Clyburn agree to vote on it by March 2, then the full commission vote will determine the fate of the stay request. If not, the FCC spokesperson says, then one of the commission’s bureaus will stay that element of the privacy rule, pending a later full Commission vote on the industry’s petition to reconsider the rules.
Either way, the stay is going to happen; if the Commission votes, the outcome is certain to be 2-1 in favor of the stay.
For what it’s worth, at the time the FCC voted to adopt the rule, then-FTC chair Edith Ramirez expressed her support for the action, saying that the FCC’s rule “will provide robust privacy protections, including protecting sensitive information such as consumers’ social security numbers, precise geolocation data, and content of communications, and requiring reasonable data security practices.”
However, Ramirez has since stepped down from the FTC. Commissioner Maureen Ohlhausen is currently Acting Chair, but has not given any indication of how the agency now feels about the FCC privacy rule.
Note: this story has been updated to clearer reflect which section of the rule is subject to the impending stay.
Editor's Note: This article originally appeared on Consumerist.