Cable operators are signaling to the Trump Administration that consensus is building around some common principles, including common ground between edge providers, represented by the Internet Association and Software Alliance, and ISPs, represented by NCTA-The Internet & Television Association and the American Cable Association.
Both ISPs and edge providers are concerned about a "balkanized" patchwork of state and local privacy regs and about an overly prescriptive privacy regime, and both have gotten enough signal from both sides of the aisle in both Houses of Congress, as well as from the Trump Administration, to know there is likely bipartisan momentum for some kind of privacy legislation/regulation.
Both NCTA and ACA said a national privacy framework is needed.
The compliance costs are particularly heavy for smaller operators with less discretionary spending.
In its filing, NCTA spelled out what it said were the common principles NTIA could build on:
Parity--A single national framework applied consistently and to all players.
Transparency--All companies collecting data should provide clear and conspicuous notice to consumers of the data they collect, how they use it and why it may be shared with third parties and when such policies are materially changed.
Consumer control--There would be simple methods of controlling the use, transfer and sale of information, but ones that still allow for "beneficial uses of consumer data that lead to innovation, new products and capabilities, and customized services that consumers increasingly want."
One of the key points of debate over control is when and whether consumer permission to collect, use and share data should be opt-in or opt-out.
NCTA said that should depend on context, user expectations and the sensitivity of information. It told NTIA the agency could "provide a more concrete vision of how a context-based permissions regime would operate."
Security--Companies should take "reasonable" measures to protect the consumer data they collect and store.
Right to Access, Delete and Correct--Companies should give consumers access to the categories of data the company collects and let them obtain all the "personally identifiable" data they have provided "directly" to the company (so, not anonymized data), along with a "reasonable opportunity" to correct inaccurate info. But NCTA says the right to delete personally identifiable information should be a qualified one, subject to various exemptions for things like completion of transactions and fulfillment of consumer requests.
Risk management--Companies should be incentivized to mitigate risk or harmful uses or exposure of data rather than given a rigid checklist of "cumbersome procedural burdens."
Enforcement and accountability--NCTA says the Federal Trade Commission "has proven itself as an effective and trusted steward of consumer privacy and data security." But it also says that the FTC must have the "necessary resources, clear statutory authority, and direction to enforce consumer privacy laws in a manner that balances the need for strong consumer protections, legal clarity for organizations, and the flexibility to innovate." NCTA pledged to work with NTIA, the FTC and Congress to determine whether and which additional tools it may need.
Harmonization--A patchwork of state and local privacy laws doesn't work, so a "harmonized" federal approach is the way to go.