The FCC's broadband privacy vote continued to draw a crowd Thursday as more groups weighed in on the commission's decision to require broadband subs to give affirmative permission for the sharing of web browsing and app use history and to take action to boost disclosure of data sharing, data security and breach notification.
The Open Technology Institute was pleased with the move.
“OTI commends the FCC for taking this important step to protect the privacy of broadband consumers," said Laura Moy, acting director of Georgetown Law’s Institute for Public Representation, which represents OTI. "The rules approved today will finally give consumers the protection that they deserve and the Communications Act requires. We want consumers to have confidence in the internet as a safe platform for the exploration and expression of viewpoints without having to worry their ISP will be looking over their shoulder. By preventing ISPs from snooping into and monetizing private information without first getting their customers’ permission, this Order delivers that confidence.”
Demand Progress was equally upbeat, but also took the opportunity to take aim at the AT&T-Time Warner merger.
“Today, Chairman Wheeler and Commissioners Clyburn and Rosenworcel should be commended for asserting the FCC's jurisdiction over how internet providers protect their users' privacy," said Demand Progress executive director David Segal. "Time and again, we have seen the country’s largest ISPs, including AT&T, Comcast and Verizon, violate the public’s privacy—severely eroding trust and chilling free expression online in service of corporate profits. Today’s vote is a step forward, but much more must be done. AT&T in particular is a notorious violator of privacy rights, and these consumer abuses are but one of many reasons why we look forward to fighting the company's attempted takeover of Time Warner.”
The FCC's privacy order makes kids' information sensitive data that requires opt-in consent for sharing.
"Common Sense applauds Chairman Wheeler and the Commission for approving strong new protections for the privacy of children and families in their online lives and the right for broadband consumers to make informed choices about the use and sharing of their and their kids’ online information, including web and app activity, IP addresses, and geolocation," said Common Sense Kids Action founder James Steyer. "The new FCC rule will also protect families as they move from computers and mobile devices to a growing Internet of Things. This is an excellent step in increasing privacy protections for Americans overall, and we look forward to supporting the rule’s implementation as well as to supporting similarly robust rules for other online actors." Currently edge providers like Google and Facebook are not subject to similarly strong opt-in requirements, but some in Congress are looking to give the FTC more authority.
But there were plenty of pans, or at least partial pans, for the order, which ISPs have said could disrupt the ad-supported free content on the Web and give an unfair advantage to edge providers who are not under an opt-in regime for sharing web and app info with third-party marketers.
“The FCC’s new privacy rules board up the windows while leaving the doors unlocked. Rather than expanding the definition of sensitive data to include all web browsing and app usage history, the FCC should adopt the FTC’s more sensible framework as the privacy requirements for ISPs so the entire internet ecosystem is governed by the same rules," said Rick Boucher, former Democratic chair of the House Communications Subcommittee and currently honorary chair of the Internet Innovation Alliance.
"The bifurcated system that the Commission has created will surely harm consumers by creating confusion. There is a better way.”
Advertisers and ad associations were not happy.
"The FCC’s new sweeping privacy rules decision is unprecedented, misguided, counterproductive, and potentially extremely harmful," said the Association of National Advertisers. "Subjecting virtually all web browsing and application use data to opt-in consent is completely inconsistent with its long-standing treatment by the FTC, the states, and the Digital Advertising Alliance (DAA) self-regulatory program. ANA believed it was a positive step when the FCC stated it would distinguish between sensitive and non-sensitive data, but this proved to be merely misleading lip-service. The new definition of sensitive data adopted by the Commission today would encompass and swallow a vast amount of routine consumer data on the Internet and mobile media."
“Today the FCC took an unfortunate step toward destabilizing the ad-supported internet economy," said Dave Grimaldi, executive VP of the Interactive Advertising Bureau. "By voting to approve an overly-broad definition of “sensitive information” that includes web browsing history, the Commission’s action could impair the ability for online ads to support the wealth of consumer benefits we all have come to expect.”
Software developers said that while they recognized that the FCC needed to address the regulatory gap—the FTC can't regulate common carrier privacy, so the FCC deeded itself oversight when it reclassified ISPs as common carriers in the Open Internet order—the commission had gone too far.
“We are concerned that this new privacy regulation strays from the current FTC framework which focuses on information that is actually sensitive," said Software & Information Industry Association VP Mark MacCarthy. "The Commission is casting too wide of a net by classifying web browsing information, app history and other such data as ‘sensitive.’ This broad opt-in requirement is likely to create substantial confusion for consumers.”
USTelecom's reaction was mixed.
“When this proceeding began, USTelecom and many others urged the commission to harmonize its proposal with the framework developed by the Federal Trade Commission (FTC) given its years of experience with protecting consumer privacy," said USTelecom president Walter McCormick. "The FTC’s approach, endorsed by the White House, has supported innovation across the internet to deliver services that consumers want. The FCC’s partial revision of its proposal to more closely align with the FTC approach is a welcome change for consumers."
But there was a "but."
"Unfortunately, the FCC has chosen to depart from the FTC framework in some areas, for example, by summarily classifying all web browsing as sensitive information. This is a disservice to the goal of providing consumers with consistency in privacy expectations when they use the internet and poses a threat to continuing web innovation. The FCC’s argument that broadband providers have unique access to consumer information compared to other internet firms is simply wrong, as the record in the proceeding amply demonstrates."
Verizon, which is a member of USTelecom, was even more cautiously upbeat.
"Verizon is encouraged by the preliminary information we heard this morning about the privacy order approved by the FCC," said Kathy Grillo, senior VP and deputy general counsel. "Our company cares deeply about our customers’ privacy, and we strongly believe maintaining consumer trust is critical in each facet of our operations."
"From the outset of this proceeding, we stressed the importance of creating a consistent approach to privacy that gives consumers the same information and choices about the use of their data, regardless of the type of company they interact with online. While we will need to closely review the text of the FCC order after it is released, the final order appears to adopt rules that are much more closely aligned with the Federal Trade Commission’s privacy framework that has long applied to our ISP business and that continues to apply to the rest of the internet ecosystem.”