Senate Votes To Roll Back Privacy Protections For Internet Users

Image courtesy of inajeep

The FCC’s efforts to put restrictions on what internet service providers can do with the information they have about their users is all but dead, following a party-line 50-48 vote in the Senate this afternoon to roll back this regulation.

When the FCC reclassified broadband internet as a vital piece of telecommunications infrastructure in 2015, it means that the agency also had to take over responsibility for considerations of privacy in this industry. Previously, this issue had largely been a matter — like many federal privacy concerns — for the Federal Trade Commission.

After much consternation from the telecom and cable industry, the FCC adopted the new privacy rules in Oct. 2016, requiring, among other things, that internet service providers get users’ permission before they can share certain sensitive information with third parties.

The new rules also stated that ISPs must give users a way to opt out of having their less-sensitive information shared with third parties. The privacy rules only apply to internet service providers — think Comcast, AT&T, Verizon, Charter — and not to content companies like Facebook, Google, or Netflix. The FCC has no authority to regulate privacy practices for content providers.

Because of this disparity, the telecom industry cried foul, saying the rules were unfair and calling on Congress and the Trump administration to stop them.

The FCC, under the direction of new Chairman Ajit Pai, has already stayed a data security requirement of the rule from going into effect. That part of the rule was supposed to have kicked in on March 2.

Today, the Senate used a legislative tool known as the Congressional Review Act (CRA) to get the ball rolling on repealing the entire rule.

The CRA is a 1996 law that gives Congress a brief window of time to review any new major regulations to decide whether or not they approve. Until recently, the CRA had only been used successfully once in its two decades of existence. However, the start of a new Congress made the CRA review window larger than it usually would be, and now lawmakers — with the GOP controlling the House, Senate, and White House — are using the law to roll back a number of regulations finalized during the last months of the Obama administration.

Under the CRA, the House and Senate must each pass resolutions of disapproval. Unlike a traditional law, this sort of resolution only requires a simple majority in the Senate to pass. Supporters of the FCC privacy rule had hoped there were would be a few lawmakers willing to break rank and vote against the resolution.

This afternoon’s vote was strictly along party lines. Sens. Rand Paul (KY) and Johnny Isakson (GA), both Republicans, did not vote.

The House must now take up the resolution. However, given the GOP’s more significant majority in that chamber, it seems unlikely that the resolution will be defeated. After that, the White House would sign the resolution, officially undoing the FCC’s privacy rule and requiring the agency to start from scratch.

The Senate vote, while not a surprise, is seen as a letdown by consumer and privacy advocates.

“Internet service providers like Comcast and AT&T have been trying to get rid of these rules since the day they were approved, and the Senate just handed them a big victory,” says Jonathan Schwantes, senior policy counsel for our colleagues at Consumers Union. “Consumers have a fundamental right to privacy. The FCC rules were carefully designed to give broadband customers greater choice and security for their private data. This move by the Senate is a huge step in the wrong direction, and it completely ignores the needs and concerns of consumers.”

Dallas Harris, Policy Fellow at Public Knowledge, criticized lawmakers for giving minimal consideration to this resolution, and calls the vote a “clear sign that American interests come second to those of broadband providers… Without the FCC’s broadband privacy rules, Americans go from being internet users to marketing data — from people to the product.”

Speaking to reporters after this morning’s monthly public meeting of the FCC, Chairman Pai stressed the privacy is still a concern for the Commission.

“I think everybody on this issue wants to recognize and vindicate consumers’ uniform expectation of privacy,” said Pai. “When an American goes online, he or she wants to make sure his or her data is protected.”

When asked about his previous opposition to the privacy rule and his stance that the existing statute does not support the rule currently being reconsidered in Congress, Pai said that the point of his dissent was that because consumers “have a uniform expectation of privacy, it seems reasonable therefore for there to be a level playing field for regulation.”

The Chairman expressed his opinion that whatever privacy standards the FCC does apply should not be out of line with what these same companies saw under the FTC.

“The FCC should have made sure that its regulatory approach matched the FTC’s,” explained Pai. “That kind of disjunction is something that ultimately doesn’t serve consumers well.”

There is also talk of Congress passing legislation — or the FCC rewriting its rules again — to undo the 2015 reclassification of broadband. Would that mean that privacy considerations go back to the FTC?

That’s a question that Pai couldn’t address, calling it a “double hypothetical” that he was “not going to wade into.”

The telecom and broadband companies we reached out to referred us to a statement released by industry trade group USTelecom.

“Consumers deserve a single, clear framework for how their private online information is protected and consistent standards for how – or if – data can be shared by companies,” says USTelecom CEO Jonathan Spalter. “The step the Senate took today will remove the conflicting set of privacy protections set in motion by the FCC rules adopted last October. These rules varied from the industry principles developed last year and established a double-standard by creating different sets of regulation for internet service providers on the one hand and the rest of the internet ecosystem on the other.”