On Nov. 2, 2016, the FCC released its long-awaited broadband privacy Order and rules by a 3-2 vote. The Order comes nearly 18 months after the Commission moved to reclassify broadband internet access service (“BIAS”) as a common carrier telecommunication service under Title II of the Communications Act, and over the strenuous dissent of both Republican commissioners. The Order adopts policies and rules that alter the telecommunications privacy ecosystem based on three core goals articulated by the FCC: transparency, choice, and security. And while ostensibly adopting rules consistent with other privacy frameworks, the Order departs significantly from those existing regimes, applying heightened standards for both internet service providers (“ISPs”) and traditional telecom carriers. The FCC justified these departures in large part by its continued – and erroneous – argument that ISPs have access to more information than other entities operating in the online ecosystem. The two Republican commissioners vigorously dissented and with the upcoming change in administration the new majority could consider overturning the Order and rules.
The FCC argues that the new rules will “make certain that BIAS providers are protecting their customers’ privacy while encouraging the technological and business innovation that help drive the many benefits of our increasingly Internet-based economy,” and boasts that the new rules protect the privacy of broadband customers. In reality, however, consumer privacy arguably is no more protected under the new rules than it was under the prior framework, as evidenced by Commissioner Rosenworcel’s statement that seems to belie the assertion that ISPs are in a unique position because of the data they can access:, she acknowledges that “service providers, advertising networks, and companies specializing in analytics have access to your personal information. Lots of it. For a long time.” Commissioner Pai asserted that the new and more restrictive rules do nothing to address the vast amounts of information that edge providers collect, use and share. In fact, both Commissioners Pai and O’Rielly argue that the FTC’s existing framework should have been sufficient for both ISPs and edge providers, but if the majority was correct that such rules are needed, Commissioner O’Reilly points out that “the ball is now squarely in the FTC’s court” to return consumer privacy to a level playing field.
To further complicate matters, the FCC released three separate fact sheets -- one upon release of the NPRM, another with its circulation of a draft order, and lastly one upon release of the final Order. Each fact sheet paints a somewhat inaccurate picture of the impact of the new rules, making it all the more imperative to understand the details of the FCC’s new privacy requirements and obligations, which we summarize below. We will be providing additional analysis of the FCC’s new rules and the implementation challenges that may lie ahead in future posts and in a two part webinar series that will take place on Nov. 29 and Dec. 6.
Read more here.