A dozen privacy groups including the ACLU, Center for Digital Democracy, Free Press and Public Knowledge took aim at an ISP-backed privacy framework in a letter to FCC Chairman Tom Wheeler Monday (March 7).
While they said it was encouraging that the ISPs had offered up a proposal--based on Federal Trade Commission enforcement of guidelines, rather than new rules--they disagreed with its direction. The letter says rules are necessary because ISPs are taking the lead on the "online behavioral advertising and related forms of data-driven, targeted marketing" rules would be needed to provide a governor on the increasing harnessing and monetization of powerful and invasive data being leveraged by ISP gatekeepers.
The FCC is widely expected to offer up a broadband CPNI proposal at its March meeting. FCC Chairman Tom Wheeler has signaled that was at least a possibility.
The privacy group letter pointed to data-driven marketing efforts by Verizon, Comcast and Cox to make the case for their power and harnessing and monetizing.
"The invasive and ubiquitous tracking practices of ISPs underscore the imperative for the FCC to exercise the full extent of its rulemaking authority to protect consumer privacy. As it stands, the Federal Trade Commission is simply not equipped to provide meaningful protections for consumer privacy for numerous reasons," the groups said.
ISPs in offering up their framework last week (http://www.broadcastingcable.com/news/washington/cable-ops-offer-privacy...), did not concede the FCC even had the authority to regulate broadband CPNI (customer network proprietary information), but said if it did, it should not impose new rules but enforce guidelines, and do it on all parts of the Internet ecosystem. (ISPs have argued that targeting them ignores the power of edge providers like Google and Facebook to target market and monetize information.)
"All entities in the Internet ecosystem should be subject to a consistent privacy framework with respect to consumer information," the ISPs said. "Consumer information should be protected based upon the sensitivity of the information to the consumer and how the information is used—not the type of business keeping it, how that business obtains it, or what regulatory agency has authority over it."
The privacy groups say the FTC enforcement model is not sufficient. "Fundamentally, the FTC is not a data protection agency. Without regulatory authority, the FTC is limited to reactive, after-the-fact enforcement actions that largely focus on whether companies honored their own privacy promises," they said.
In fact, they argue that the FCC can fill the "void" left by the lack of comprehensive privacy legislation. The same groups have been pushing for legislation to put some teeth into the Obama Administration's Privacy Bill of Rights, so far unsuccessfully.
"In light of the increasingly pervasive tracking practices of ISPs, it is imperative that the FCC take this opportunity to exercise the full extent of its rulemaking authority to protect consumer privacy."
“In this letter, the groups claim the FTC can’t protect consumer privacy today. But the FTC’s approach has been effective and provides the flexibility needed in a fast-paced marketplace to bring innovative new services to consumers," said Mobile Future. "Does this letter mean the FTC should take a stronger position when it comes to protecting consumer privacy with non-ISPs and edge providers? What consumers want — and need — is not a hodgepodge of rules and differing regulations governing various parts of our connected lives; we want consistency, uniformity, simplicity and transparency.”
Mobile Future members include AT&T, Cisco, Qualcomm, Samsung, and Verizon.
