Image of computer screen with lock on office desk representing change in the FCC privacy rules in the U.S.
FCC Privacy Rules Gets a Makeover in the US And It’s Not Pretty

FCC Privacy Rules Gets a Makeover in the U.S. – And It’s Not Pretty

The last six weeks has not filled anyone concerned with internet privacy anything approaching a sense of comfort. In a move that has been widely criticised, the Trump-controlled congress in the United States has rolled back the broadband “privacy” regulations passed by the Federal Communications Commission (FCC) passed only last year. Repealing the FCC privacy rules that were specifically designed to prevent Internet Service Providers (ISPs) from gathering and selling users’ Internet browsing history, is a potential death knell for individual online rights to privacy.

There is increasing concern that the Trump political machine – and Republicans at large are now being targeted by an increasingly influential telecom industry. In fact, the two Republican sponsors (Sen. Jeff Flake, R-Ariz., and Rep. Marsha Blackburn, R-Tenn.) of the new legislation received significant amounts of cash in the form of campaign donations from key players in the Telecom industry such as Verizon.
Of course, these telecoms giants have a very good reason to celebrate the repeal of the privacy protection provided by the FCC privacy rules. Without privacy protection for their customers, ISPs have smoothed the way to monetising the masses of data they gather on Internet users surfing habits – data which marketers would find almost invaluable.

FCC privacy rules – The ISP position

ISPs have tried to spin the repeal as a positive for Internet users – although the logic seems a bit murky. In a nutshell, the ISPs claim that the latest blow against privacy will actually enhance the Internet users’ experience by allowing targeted marketing focused on their individual preferences as indicated by their surfing habits. The lobbying group NCTA – The Internet & Television Association, which represents giants like Verizon, AT&T and Comcast was instrumental in the push to roll back the FCC privacy rules and was also quick to defend the action.

In a statement released after the repeal, the NCTA responded to enquiries on their support of the move:

“We appreciate today’s Senate action to repeal unwarranted FCC rules that deny consumers consistent privacy protection online and violate competitive neutrality. … Our industry remains committed to offering services that protect the privacy and security of the personal information of our customers. We support this step towards reversing the FCC’s misguided approach and look forward to restoring a consistent approach to online privacy protection that consumers want and deserve.”

This is both disingenuous and puzzling. Why would repealing protection of privacy allow for ‘consistent privacy protection?’ One of the reasons that was put forward by the NCTA was that it was in response to consumer demand.

In a follow-up statement the NCTA maintained that “Consumers expect to learn about new products and services through marketing or advertising based on non-sensitive data.”

However, user browser history, which would now be for sale to the highest bidder is actually classified by the FCC as “sensitive,” not “non-sensitive” information.

In an attempt to clarify their stance, the NCTA claimed that ISPs ‘have never challenged the recognised categories of sensitive data (health, financial, children’s information, precise geo-location, etc). That information has not and will not be used.’

The devil, as they say is in the details – and this is where the difference between what is seen as ‘sensitive’ and ‘not sensitive’ data. The new FCC privacy rules would require that ISPs obtain specific consent from clients prior to sharing any data deemed ‘sensitive’ with marketers and advertisers. At least this is what the FCC is pushing.

However – even this sort of safeguard seems to be on the verge of falling by the wayside under the continued pressure from ISPs and their powerful lobbyists – and even if the distinction between ‘sensitive’ data and other information is maintained (which seems unlikely) ISPs would still not be required to obtain that ‘problematic’ (at least for them) opt in consent for the use of information such as the clients’ email address.

Google and Facebook comparison

The NCTA does make one very good point. They claim that so called ‘edge providers’ like Facebook are already selling information to advertisers – so why should ISPs be held to a greater level of responsibility? However, it still does not explain just how the ISPs can reconcile a commitment to privacy with a stated aim of selling customer data. It’s patently obvious that they want a slice of the pie by monetising customer browsing habits – it’s really that simple.

There is of course an enormous difference between companies like Google and Facebook using customer data. Facebook and Google can capture and sell information generated by individual activity on their particular owned sites. The ISPs are a whole different kettle of fish. They carry all of an individual’s network traffic – in essence they track absolutely everything that the individual does online, making into very easy for them to build an extremely detailed profile of the client. You could choose not to use Facebook – but you simply cannot choose not to use your ISP’s services. That profile, including subscribers’ home address, telephone numbers and other details are collected when they sign up for services. This can augment and enrich the online data that is gathered.

This information is worth significant amounts of money and it is difficult to imagine that they will not mine that data for all that it is worth.

The ISPs are of the opinion that a level playing field is required. To paraphrase their opinion – ‘what is good for the goose (Google and Facebook for instance) should be good for the gander’. The point may be valid, but the outcome of the FCC privacy rules repeal seems obvious to any user of the Internet – it’s going to significantly erode Internet user’s right to privacy and indeed the ownership of their personal data.

The fight continues

Consumer advocacy groups are fighting tooth and nail to apply more stringent privacy requirements to ISPs. Their argument is simple. Although the Internet user can migrate away from sites like Google and Facebook with little effort, changing their ISP is considerably more challenging, especially for users who may have fewer choices due to limitations, for instance in rural areas. They also add that services like Google and Facebook offer free services in exchange for pushing advertising and using personal information – a trade-off that those using the social media and the world’s most popular search engine seem willing to tolerate. ISPs on the other hand charge for their services. This makes the argument from the ISPs about ‘levelling the playing field’ far less compelling.

Privacy takes a body blow

Until the repeal of the FCC privacy rules, the FTC had at least some control over the ISPs – under Title II, Section 222 of the Communications Act – commonly referred to as 2015’s ‘Net Neutrality Order’. In a bizarre twist, ISPs like Verizon and AT&T are referred to as ‘Common Carriers’ due to the fact that they also offer telephone services. This designation means that no regulatory body has clear authority over their activities related to privacy.

The coming months following the repeal of the FCC privacy rules will indicate if the ISPs live up to their promise to handle privacy in a sensitive manner. However, given the overriding profit motive it seems that Internet users are going to have to get used to the fact that privacy is now a privilege that is not in any way, shape or form inviolate. It’s going to be a bumpy ride.