Cable Ops Promote Common Privacy Standard

NCTA stakes out what it said is common ground to build on
Author:
Publish date:
NCTA logo

Cable operators are signaling to the Trump Administration that consensus is building over some common principles, that includes commonality between edge providers--represented by the Internet Association and Software Alliance--and ISPs represented by NCTA-The Internet & Television Association, and the American Cable Association.

Both ISPs and edge are concerned about a "balkanized" patchwork of state and local privacy regs, about an overly prescriptive privacy regime, and have gotten enough signal from both sides of the aisle in both Houses of Congress, as well as from the Trump Administration, to know there is likely bipartisan momentum for some kind of privacy legislation/regulation.

Related: Amazon Slams California Privacy Bill

The National Telecommunications & Information Administration back in September sought input from stakeholders on "a set of user-centric privacy outcomes that underpin the protections that should be produced by any Federal actions on consumer-privacy policy, and a set of high-level goals that describe the outlines of the ecosystem that should be created to provide those protections." That language signals the Trump Administration is not looking to come up with suggestions for prescriptive regulations in that space, which is not surprising given the President's emphasis on getting rid of regulations rather than creating new ones.

Both NCTA and ACA said a national privacy framework is needed.

"ACA supports the development of a national privacy policy for ISPs that accounts for the unique characteristics of smaller providers and their customers," said ACA president Matt Polka. "Any such policy should follow a risk-based approach and be competitively and technology-neutral. In addition, it should apply uniformly in all jurisdictions in the U.S. so that consumers can understand and act on their rights regardless of the entity accessing their personal information and so that businesses have greater certainty and lower compliance burdens."

The compliance costs are particularly heavy for smaller operators with less discretionary spending.

Related: Charter Says Parity Is Key to Online Privacy

In NCTA's filing, it spelled out what it said were the common principals NTIA could build on:

Parity--A single national framework applied consistently and to all players.

Transparency--All companies collecting data should provide clear and conspicuous notice to consumers of the data they collect, how they use it and why it may be shared with third parties and when such policies are materially changed.

Consumer control--There would be simple methods of controlling the use, transfer and and sale of information, but ones that still allow for "beneficial uses of consumer data that lead to innovation, new products and capabilities, and customized services that consumers increasingly want."

One of the key issues of debate over the issue of control is when and whether consumer permission to collect, use and share data should be opt-in or opt-out.

NCTA said that should depend on context, user expectations and the sensitivity of information. It told NTIA the agency could "provide a more concrete vision of how a context-based permissions regime would operate."

Security--Companies should take "reasonable" measures to protect the consumer data they collect and store.

Right to Access, Delete and Correct--Companies should provide consumers access to the categories of data the company collects, and to obtain all the "personally identifiable" data they have provided "directly" to the company--so, not anonymized data, and a "reasonable opportunity" to correct inaccurate info. But NCTA says that should be a qualified right to delete personally identifiable information subject to various exemptions for things like completion of transactions and fulfillment of consumer requests.

Risk management--Companies should be incentivized to mitigate risk or harmful uses or exposure of data rather than given a rigid, checklist of "cumbersome procedural burdens."

Enforcement and accountability--NCTA says the Federal Trade Commission "has proven itself as an effective and trusted steward of consumer privacy and data security." But, it also says that the FTC "must have the “necessary resources, clear statutory authority, and direction to enforce consumer privacy laws in a manner that balances the need for strong consumer protections, legal clarity for organizations, and the flexibility to innovate.” NCTA pledged to work with NTIA the FTC and Congress to determine whether and which additional tools it may need.

Harmonization--a patchwork of state and local privacy laws doesn't work, so a "harmonized" federal approach is the way to go. 

Related