News, insights and resources for data protection, privacy and cyber security leaders

Looking Back at the 2017 Repeal of U.S. Broadband Privacy Rules

If the U.S. wants to continue doing business with other regions they will have to take into account the latest evolution of privacy rules in other regions such as the EU. The latest GDPR rulings suggest that this approach to privacy will simply not meet the increasingly high standards set in the greater Europe. The confusion surrounding responsibilities between the FCC and FTC will only muddy the waters.

Scenario: The worst case

At this point unless new legislation is promulgated in the U.S. there is nothing to stop an ISP selling data without asking the permission of its customer. The scope for abuse is enormous. And the situation is that it is now not only browsing data – it’s every piece of information that the ISP can gather.

This raises nightmare scenarios such as insurance providers being able to buy information that would allow them to profile ISP clients according to their medical history and potentially refuse to pay for medical treatments. And that is only the tip of the iceberg. Direct selling organizations would dearly love to have location information that would allow them to further tighten their approach when reaching out to consumers – and this may have grave implications for those already bombarded with marketing messaging.

What next? It’s complicated

The primary argument for repealing these broadband privacy rules was that the FTC already handles privacy protection. The FTC does handle issues such as when (hypothetically) Target’s loyalty card system gets hacked, or if Facebook or Twitter are involved in collusion to exploit members. But in 2015, the FCC exerted authority specifically over ISPs, removing them from the FTC’s jurisdiction.

The repeal of the existing legislation puts responsibility back in the hands of the FTC. But, and it’s a big but – the FTC is legally barred from regulating ISPs. The FCC’s move in 2015 actually allowed the FTC to take the lead when problems were identified on the business side of the ISP. A good example would be price fixing on a national level. But a recent court decision put ISPs solely in the jurisdiction of the FCC.

So the consumer is faced with a situation where both the FCC and the FTC are now barred from making broadband privacy rules for ISPs. In effect no one is policing the privacy rights of ISP customers.

Technically the FCC still has some authority over telecoms, but the current commission has made it clear they don’t consider ISPs telecoms, The latest moves on the legislative front mean that, in essence ISPs have carte blanche when it comes to their subscribers’ data. All is not completely lost – there may be some ways that the current situation can be remedied. New broadband privacy guidelines could be drawn up by the FCC – the danger is that they too closely resemble those that have recently been rescinded and would therefore be rejected.

Congress would have to pass new legislation that would give the FCC authority over common carriers.

ISPs could still sell customer data without asking for explicit permission. But it might level the playing field and bring some semblance of order to the rules. Politicians in the U.S. should have started down that path. Instead, they chose a path that preserves inconsistency and creates even more confusion. The only thing that is currently certain is that the privacy of ISP customers in the U.S. remains compromised.

The example of the U.S. is illustrative of the fraught relationship between government, big business in the form of ISPs and customers – or the man on the street. Other countries and regions such as the EU are taking careful note of the complexities that can surround these relationships and the increasingly complex nature of privacy in the age of the internet. The U.S. authorities would do well to study the results of extensive research that has been done elsewhere in order to comply with norms that the rest of the world is rapidly coming to accept. If the idea is to bring ‘consistency’ to the U.S. market then the same ideal should apply to bringing that entire market into compliance with what is happening across the globe.


Leave A Reply

Your email address will not be published.

Pin It on Pinterest

Share This