Sen. Ed Markey (D-Mass.) laid down another marker on the issue of broadband privacy Monday, headlining a press conference with privacy groups vowing to fight Republican efforts in Congress and at the FCC to roll back FCC broadband privacy rules.
Markey said that Democrats would wage a historic battle to preserve the rules, as well as the Open Internet order to which it is linked. He called ISPs gatekeepers and said FCC chairman Ajit was doing their bidding by trying to roll back the rules, starting with data security protections. He said that would allow ISPs to ignore best practices and make sensitive information more vulnerable.
Republicans in Congress are trying to roll back the framework using the Congressional Review Act (CRA).
Neema Singh Guliani, legislative counsel for the ACLU, said at the press conference that consumers are the ones that will be harmed the most, with poor and vulnerable communities particularly affected.
She pointed out that the rules require clear notice of the data they collect and do not allow for ISPs to make consumers providing information a quid pro quo for the service. She said that "take it or leave it" approach requires consumers to choose between giving up their privacy and using the internet.
She also said consumers need protections from discriminatory ad practices based on the information collected and shared about them.
Gaurav Laroia, Free Press policy counsel, said that consumers need the FCC rules to be protected from abuse.
All the speakers argued that ISPs are essentially monopolies, so consumers have little choice between giving up their info or acceding to their practices.
He said the public is not going to give up the protections without a fight.
FCC chairman Ajit Pai last week pledged to stay the implementation of the initial set of the new privacy rules—data security requirements—that are scheduled to take effect March 2 and has signaled the FCC will rethink the entire regime to the degree that it diverges from the lighter-touch approach of the Federal Trade Commission over edge providers.
The FCC back in October voted along party lines to require ISPs to get their subs' permission to share their web surfing and app use histories and other "sensitive" data with third parties for marketing and other purposes. It was billed as based on transparency, consumer choice and data security. The FTC has no such opt-in requirements for the data collection and sharing of edge providers like Google and Facebook.
The vote on the FCC framework was 3-2, with one concurrence from Democratic commissioner Mignon Clyburn, over the absence of a prohibition on mandatory arbitration clauses, and two strong dissents from Republican commissioners. Since then, the FCC has lost both Democratic chair Tom Wheeler and commissioner Jessica Rosenworcel, with the two dissenting Republicans—Pai and Michael O'Rielly—now in the majority.
ISPs say that the FCC opt-in regime could take a big bite out of the free-content model that powers the internet, since it relies on targeted marketing to remain free. They asked the FCC to stay the rules, arguing they need to be harmonized with the FTC approach.
Separately Monday, Rep. Frank Pallone (D-N.J.), ranking member of the House Energy & Commerce Committee, asked the GAO to study the broadband regulatory landscape given the fluctuating authority issues and ongoing threats to consumer data and security.
The ISP-backed 21st Century Privacy Coalition is all for re-setting the FCC framework, including via the CRA.
Coalition cochair Jon Leibowitz, former Democratic FTC chair, says that a CRA would leave no enforcement gap because "Section 222 of the Communications Act will still apply, even in the absence of specific rules. Section 222 has applied to ISPs since the FCC adopted the Open Internet Order and, in an enforcement advisory in May 2015, the FCC made clear that it would use the statute to ensure ISPs protect their customers’ privacy. A CRA resolution of disapproval therefore would not leave ISP customers’ privacy rights unprotected," he said. "To the contrary, it would restore the status quo in effect for the 18 months prior to the passage of the October 2016 privacy rules. Moreover, the FCC is not hamstrung moving forward. The FCC could adopt new rules not ‘substantially the same’ as the rules adopted in October which could, for example, include an approach similar to the FTC’s proven privacy framework."