The Federal Trade Commission (FTC) and Federal Communications Commission (FCC) recently formalized an agreement to cooperate when regulating the “deceptive, unfair, unjust and/or unreasonable” acts and practices of common carriers. In addition to outlining the scope of the agencies’ enforcement authorities, the FCC-FTC Consumer Protection Memorandum of Understanding (MOU) details a commitment to information sharing, agency coordination, and joint enforcement when overlap occurs.
The MOU follows the FCC’s controversial net neutrality rulemaking earlier this year which eliminated the authority of the FTC—oft-billed as the nation’s top privacy cop—to regulate the privacy and security practices of broadband Internet service providers (ISPs). The FCC’s Open Internet Order reclassified the delivery of broadband Internet access as a “telecommunications service” under Title II of the Communications Act of 1934, as amended by the Telecommunications Act of 1996. ISPs, in turn, became telecommunications service providers exempt from enforcement actions as “common carriers” under Section 5 of the FTC Act.
Whether the reclassification of ISPs reflects a serious challenge to the FTC’s primacy in data privacy and security enforcement remains to be seen. FTC Commissioner Julie Brill downplayed the impact of reclassification in recent comments citing the FTC’s continuing Section 5 authority over Internet-based companies such as “apps, edge services, ad networks, advertisers, publishers, data brokers, [and] analytics firms.” The FTC also has argued, and at least one court has agreed, the FTC can continue enforcement of its Section 5 authority against common carriers engaged in non-common carrier activities—a position the FCC joined in the MOU.
The potential interplay between the FTC and FCC under the MOU may present opportunities for both agencies. The FTC has long called for a repeal of the statutory exemption preventing its regulation of common carriers. By demonstrating increased effectiveness through deployment of the agencies’ complementary powers, the FTC may make its case for dual enforcement of data privacy and security issues across the common carrier industries. The FCC, on the other hand, will have time to overcome detractors’ claims that it lacks experience. Barring a statutory overhaul, the FCC’s increasingly aggressive approach suggests the agency is poised to engage in significant consumer privacy rulemaking and enforcement actions in the coming years.
The MOU sets a trial period of sorts while Congress and the courts decide the contours of consumer data privacy protections. Industry stakeholders should take note: success or failure, the MOU is likely to drive future legislation and regulation.