×

Once registered, you can:

  • - Read additional free articles each month
  • - Comment on articles and featured creative work
  • - Get our curated newsletters delivered to your inbox

By registering you agree to our privacy policy, terms & conditions and to receive occasional emails from Ad Age. You may unsubscribe at any time.

Are you a print subscriber? Activate your account.

FTC Could Regain ISP Privacy Oversight, But It Won't Be Easy

By Published on .

FCC Chairman Ajit Pai
FCC Chairman Ajit Pai Credit: FCC
Most Popular

The death of the Federal Communication Commission's privacy rules for internet service providers was made final with the fatal blow of a vote in the Republican-led U.S. House of Representatives Tuesday. Now observers are keeping their eyes peeled for news that FCC Chairman Ajit Pai -- who was against the never-enacted privacy rules from the start -- or Congress itself will begin the process of reclassifying the Verizons and Comcasts of the world in order to send them back under the jurisdiction of the less-powerful Federal Trade Commission.

That itself is up in the air. If the FTC does regain its oversight, the result is likely to be weaker privacy protections than what the FCC intended with its rules, as well as a relatively clear path for telcos to pursue their data-revenue-generating goals.

Last week, the Senate passed a bill to invalidate the FCC rules. On Tuesday, the House passed its companion resolution, the last nail in the coffin for the rules, championed by privacy advocates and opposed vociferously by industry.

Had they gone into effect as originally planned for earlier this month, the FCC rules would have blocked internet service providers from activities like using and sharing data on location and web-browsing habits unless consumers gave explicit opt-in permission.

The demise of the rules means that for now it's clear sailing for telcos as they embark on new data-sharing partnerships that help turn data showing what consumers look at on their phones and where their mobile devices have been geographically into new revenue streams.

Today, as a result of the FCC's adoption of net neutrality rules for broadband in 2015, telcos and ISPs are classified as common carriers, giving the FCC jurisdiction over ISP use of consumer data, the same way the agency has purview over how phone companies use our information.

"There will be horse-trading on the hill as to whether the common carrier exemption should be repealed," said Gigi Sohn, who served as senior counselor to former FCC Chairman Tom Wheeler, who led the charge toward establishing the moribund privacy rules for ISPs.

As things currently stand, the FCC, which has rulemaking authority, has jurisdiction over how telcos and ISPs handle data privacy and security. The FTC, which is perceived as weaker because it cannot make rules companies must abide by, has jurisdiction over so-called "edge" providers that ISPs connect consumers to such as website operators like Facebook, email providers like Google, mobile app platforms like Apple, and the website and mobile app publishers themselves.

Detractors of the FCC rules including telcos and ad industry trade groups were against them since the wheels started rolling toward their passage last year. Those fighting the rules have been in lock-step, arguing that they create an unlevel playing field, requiring ISPs to abide by more stringent regulations than every other type of company operating in the sprawling digital media, ad and data industries.

On March 1, the newly named Trump administration leaders of the FCC and FTC wrote a joint statement reaffirming their support for FTC jurisdiction over ISP privacy. "We still believe that jurisdiction over broadband providers' privacy and data security practices should be returned to the FTC, the nation's expert agency with respect to these important subjects. All actors in the online space should be subject to the same rules, enforced by the same agency," wrote FCC Chairman Ajit Pai and FTC Chairman Maureen Ohlhausen.

"I expect that Chairman Pai will try to sell this to all the people upset about privacy as a way to ensure their privacy is protected," said Ms. Sohn.

A legal mountain to climb

Despite the intentions of the agency chairmen to put ISP privacy in the hands of the FTC, it will be no easy task, said Catherine Sandoval, associate professor at Santa Clara University School of Law.

"You can't just assume that. There's a big legal mountain between here and there," said Ms. Sandoval, who previously served as a commissioner of the California Public Utilities Commission and was the VP and general counsel of radio, digital and billboard media firm Z-Spanish Media Corporation.

One legal peak to climb: precedent set by a U.S district court ruling siding with AT&T against the FTC last year which carved out an exemption for companies that provide bundled phone and ISP services which effectively protected AT&T from FTC regulations protecting consumers from unfair or deceptive practices.

Even if the FTC eventually garners ISP jurisdiction, argued Ms. Sohn, "it will lead to some privacy protection but much weaker than what people just lost." She pointed to FTC Chairman Ohlausen's high bar for showing harm against consumers before actions against companies are taken, noting, "She wants to see harm first. Well, rules protect you before you're harmed."

For now, said Ms. Sandoval, "what we're left with is a period of uncertainty where the carriers may do certain things but it's unclear. Does the FCC have jurisdiction or does the FTC have jurisdiction?"

She continued, "I don't think that it is healthy for consumers, carriers, advertisers or the American economy for all of this to be in limbo."