Communications Litigation Today was a service of Warren Communications News.
Markey Weighs In

Pay for Privacy Emerging as Key Issue as FCC Moves Forward With Vote on ISP Privacy

October 21, 2016 by Howard Buskirk|Top News

Sen. Ed Markey, D-Mass., joined public interest and consumer groups Thursday as expected (see 1610170062) in encouraging the FCC to adopt strong rules for ISP privacy, set for a vote at the Oct. 27 commissioner meeting. Meanwhile, government and industry officials told us, the provisions on how and when ISPs are allowed to offer broadband at a lower cost to consumers willing to give up some privacy protections are emerging as a big issue, but one that has gotten little attention. The FCC released its sunshine notice for next Thursday's meeting, which includes the privacy order. Business data service rules that are also on circulation didn't make the cut, as was expected (see 1610200047).

We know that every click an American makes online paints a detailed picture of their personal and professional lives,” said Markey, a congressional telecom expert, on a call with reporters. “An ISP has the ability to see that personal, sensitive information. Today, there are no rules in place that prevent ISPs from collecting and sharing consumers’ personal information. That includes data like geolocation, financial information, web browsing history and app use history.”

The rules must give more power to consumers to choose when their personal information can be used or shared by ISPs and require the providers to protect the data they collect, Markey said. The rules also should include reasonable breach notification requirements, he said. “If your personal information has been compromised, it shouldn’t take weeks or months for consumers to be notified.”

The rules also should promote transparency “by mandating that ISPs disclose what they collect about consumers,” Markey said. “Broadband providers should not be allowed to compile massive and detailed dossiers about the consumers without their knowledge.”

Our communications are by definition sensitive,” said Susan Grant, Consumer Federation of America director-consumer protection and privacy, on the call. “That’s why the Post Office can’t read our mail and telephone companies can’t listen to our phone conversations.”

Laura Moy of the Institute for Public Representation at Georgetown University Law Center said she was hard pressed to think of examples of internet communications that shouldn't be considered sensitive and thus more protected under the FCC rules. Many privacy advocates opposed having that agency draw a distinction between sensitive and nonsensitive information, as proposed by Chairman Tom Wheeler (see 1610060031), Moy said. The distinction doesn’t exist in Title II of the Communication Act, she said.

It is a constructed distinction to try to create tiers of privacy protection for different kinds of information,” Moy said. “We just don’t really think that that’s a good approach to communications privacy, and that’s not what the Communications Act is about.”

Wheeler’s proposed rules will allow for some plans that allow subscribers to sign up for cheaper broadband in return for reduced privacy protections. Capitol Hill and industry officials said pay for privacy has become one of the bigger issues since Wheeler circulated draft rules two weeks ago. Such plans would be restricted, said an FCC fact sheet. “The Commission would determine on a case-by-case basis the legitimacy of programs that relate service price to privacy protections,” the FCC said. “Consumers should not be forced to choose between paying inflated prices and maintaining their privacy.”

Pay-for-privacy plans “would further the demise of low-income communities by making basic privacy rights a luxury and by inevitably creating a two-tiered system of privacy protection that is based on those who can afford to play and leaves behind those who cannot,” said Anika Collier Navaroli, with Color of Change, also on the call.

The median income of a black household in the U.S. was $36,000 in 2015 and pay-for-privacy plans could save consumers as much as $1,000 per year, Navaroli said, so the plans could be attractive to families with little discretionary income. “Our communities need strong privacy rules and they must ensure that we cannot be extorted into giving up our personal information for internet access.”

It’s really important that the commission moves forward here to really protect the lowest income, the most vulnerable consumers, those who are likely to be harmed by violations of their privacy,” said Dallas Harris, policy fellow at Public Knowledge.

Pay for privacy has been criticized by CFA and many other groups; we’d actually like to see it banned,” Grant said. “It is a very important issue.”

But Christopher Yoo, professor at the University of Pennsylvania Law School, said in an interview Thursday that the FCC must be careful of stifling innovation as it imposes new rules. “These rules are not just for today,” Yoo said. “We have to think about the way it affects the innovative environment in general.” Yoo, who with former FCC Chief Technologist Dave Farber is in the middle of a series of calls to aides to commissioners, said dangers are inherent in the FCC approving rules that depart significantly from the FTC framework.

If someone has to hire a lawyer and get a legal opinion on whether a new offering is subject to FTC or FCC regulation and how the rules apply, “that’s going to have an adverse effect on entrepreneurs and people with great new ideas,” Yoo said. “The FCC is making progress toward harmonization but there are still some key differences and they’re not using the same language. Basically, I think it’ll make a lot of lawyers in Washington, D.C., happy, but I don’t know that it’s good for the internet.”

On pay for privacy, Yoo said an advertising-supported system has helped make the U.S. a dominant internet player. “People in Europe and Japan are all asking where is the Facebook of Europe, where is the Google of Japan, and they just don’t exist,” he said. But Yoo said advertising support shouldn’t be “the only viable business approach open to innovative companies.” The pay-for-privacy model offers another option, he said.

Consumer data is inconsistently protected when it’s not allowed to be used in certain ways by some companies but is permitted to be used in the same way by others,” former House Communications Chairman Rick Boucher, D-Va., emailed us in response to the Markey statements. “In line with the FTC’s model, which applies to Internet edge providers, the FCC should develop an approach to privacy for ISPs with the level of protection based on the sensitivity of the data and how it’s being used. By conforming the privacy protections across the Internet ecosystem, consumer confusion will be avoided.” Boucher represents ISPs.

Privacy Meetings Ongoing

Meanwhile, meetings continued at the FCC on privacy rules. USTelecom President Walter McCormick met with Commissioner Mignon Clyburn and an aide to Commissioner Jessica Rosenworcel to seek more harmonization of the FCC and FTC rules, said a filing in docket 16-106. Harmonization is “particularly important with respect to web-browsing history and first-party marketing and ... the Commission should not expand the definition of sensitive information to include such a broad area as all web-browsing history,” group said. “Web browsing and app usage data should be considered sensitive only to the extent the content is otherwise categorized as sensitive information.”

Marketing and advertising associations said the Wheeler proposal would “inappropriately” classify all web browsing and application use history as “sensitive information” requiring opt-in consent from a consumers. “This type of data has never categorically been classified as “sensitive” in any legislative, regulatory, or self- regulatory regime,” the groups said. “To do so in the current rulemaking would undercut the competitive and innovative Internet marketplace, creating a negative impact on consumers and the diverse content and service offerings fostered by the responsible use of web browsing and application use history information for advertising and marketing purposes.” The American Association of Advertising Agencies, American Advertising Federation, Association of National Advertisers, Direct Marketing Association, Interactive Advertising Bureau and Network Advertising Initiative signed the filing.

The privacy rules pose “an outsized risk for negative long-term consequences across the entire Internet ecosystem” if the FCC’s rules aren’t better harmonized with the FTC framework, said officials from the Information Technology and Innovation Foundation in a meeting with a Rosenworcel aide. The American Cable Association and NCTA (here and here) also lobbied on the draft rules, ex parte filings show. There's a "need to harmonize the FCC’s broadband privacy rules with the" FTC privacy framework, "particularly with regard to the scope and definition of sensitive information," said NCTA, Charter Communications, Comcast and Cox Enterprises representatives in a meeting with an aide to Clyburn. "The Commission should refrain from adding new categories of data to the definition of 'sensitive information' beyond those already set forth in the FTC’s 2012 privacy report."