The Government Accountability Office has been asked by a high-profile Democratic legislator to study the status of broadband privacy regulatory authority over both ISPs and the edge.
The request comes from Rep. Frank Pallone (D-N.J.), ranking member of the House Energy & Commerce Committee, in a letter to the agency, according to a copy obtained by B&C. Pallone points to the bifurcated oversight of ISPs (FCC) and edge providers (Federal Trade Commission) and the "fluctuating state of the law and underlying threats to individuals' privacy and security online."
Those include that a court case has brought into question the FTC's ability to regulate edge provider privacy if that edge provider is owned by a common carrier—such as Verizon buying Yahoo—and the fact that the FCC's broadband privacy framework is under review by the current chairman of the FCC, Ajit Pai, and is tied to the Title II reclassification of ISPs that Pai is looking to reverse, as are congressional Republicans.
In a letter to comptroller general Gene L. Dodaro, Pallone asks for GAO to study and report back to the committee, pointing out that "[w]ith the near universal use of the internet, and the rapid expansion of connected devices, corporations now have more information about American consumers than ever before," adding: "It is, therefore, more important than ever that Americans’ privacy and security be protected online. Studies show that when people are concerned about their privacy and security, they limit their online economic and civic activities."
He is looking for answers to the following questions directed at both edge providers and ISPs:
- "How are companies collecting, sharing, and using data on consumers? What types of data are being collected, shared, and used?
- How, if at all, are companies disclosing their privacy policies to consumers and notifying consumers of data breaches, and is this notification effective?
- Do consumers have meaningful control of the collection, use, sharing, retention, and security of their information? Or are consumers forced to accept the collection, use, sharing, retention, and security practices of a company 'as is' to use the product or service?
- What challenges do consumers face in protecting their information, and to what extent has the federal government or the private sector taken steps to address these challenges? How successful are any efforts to anonymize or de-identify consumer information, and how easy is it to re-identify that information?
- How do FCC, FTC, and other federal agencies regulate and oversee the private sector’s collection, use, sharing, and securing of consumer information?
- How, if at all, do the approaches of the FCC, FTC, and other federals agencies differ, and which approaches provide the greatest protections for consumers’ privacy and security online?"
The letter comes as congressional Republicans are looking to invalidate the FCC's broadband privacy framework using the Congressional Review Act, while Democrats are vowing to fight that effort, as they did in a press conference Monday headlined by Sen. Ed Markey (D-Mass.)