Trump Administration Reverses Broadband Provider Privacy ProtectionsApril 24, 2017 |
On April 3, 2017, President Donald J. Trump signed into law S.J. Resolution 34, a partisan-enacted joint congressional resolution disapproving of (and thus negating) a rule submitted in 2016 by the Federal Communications Commission (“FCC”), which provided additional protections to consumers when using broadband services. The result is a reversal in privacy provisions that were to be implemented this year under the FCC rule.
That rule would have required broadband internet service providers (“ISPs”) to, for the first time, implement certain privacy policies, including (1) informing customers about their right to opt in or opt out of the broadband provider’s use or the sharing of the customer’s confidential information; (2) adopting required data security and breach notification procedures; (3) prohibiting broadband providers from offering services contingent on the customer surrounding privacy rights; and, (4) requiring disclosures and affirmative consent when a broadband provider seeks the right to use customer’s confidential information in exchange for financial incentives. By pen of this President, the protections of that rule are now gone.
The overturning of the FCC rule is a dent in what appeared to be a surge in efforts to give consumers more privacy rights in the electronic world. Still, the FCC rule was limited to broadband ISPs, and thus, does not affect websites like Facebook and Google, which remain governed by Federal Trade Commission regulations. Notably, the FCC rule viewed consumers as “owning” information like what websites they traveled to and what purchases they made, etc., while those legislators who voted to nullify the FCC rule appear to view the information as owned by the ISPs, e.g. such that ISPs should be allowed to freely profit from this information.
It remains to be seen whether this will lead to changes by other authorities, such as the FTC, or in current laws designed to, for instance, protect children on the internet, such as the Children’s Online Privacy Protection Act. In all events, the change signals good news for ISPs but may put them in a sticky position – either they voluntarily agree to protect their customers’ information by voluntarily implementing the FCC requirements, or they freely use or profit from the information and risk losing customers in the event of a privacy breach or a competitor who voluntarily implements the FCC rule. News articles published before the bill was signed into law stated that major broadband providers professed that they would continue to allow customers to opt out of allowing them to sell their browsing history regardless of S.J. Resolution 34 — though now that S.J. Resolution 34 is the law, they could change that policy.