Sixteen state attorneys general urged the FCC in a recent letter to withdraw proposed broadband privacy rules that would require Internet service providers (ISPs) to obtain subscriber consent before collecting and sharing certain data with advertisers and other third-parties. The letter warned that the agency’s plan, if implemented, will “foster a byzantine regulatory environment rather than clear, enforceable requirements that improve data privacy for all consumers.”
As specified in a Notice of Proposed Rulemaking issued last March, the FCC seeks to implement Section 222 of the 1934 Communications Act with respect to broadband ISPs. Under the Open Internet order which the FCC adopted last year, broadband ISPs were classified as telecommunications carriers pursuant to Title II of the Communications Act. Such carriers are obligated under Section 222 “to protect the confidentiality of proprietary information of, and relating to, other telecommunication carriers, equipment manufacturers, and customers.” By reclassifying broadband ISPs under Title II, the FCC also assumed jurisdiction over ISP privacy issues that had been the domain of the Federal Trade Commission (FTC), although the FTC retains authority over the data collection and privacy practices of “edge” providers.
Stressing that “the concern for protecting consumer privacy arises in many contexts and across many industries and technologies,” the attorneys general argued that the FCC’s proposal “ignores that reality and makes artificial distinctions among technology that . . . will only serve to make compliance more costly and complicated.” Despite the FCC’s acknowledgment in the rulemaking proposal that “states are very active participants in ensuring their citizens have robust privacy and data security protections,” the attorneys general voiced concern that the rules, if adopted, could “preempt important state laws that effectively protect consumers’ privacy.”
Emphasizing the “paramount importance that any federal regulations not impair states’ ability to vigorously protect their citizens,” the attorneys general argued that “the privacy interests of consumers are best protected by harmonized enforcement and regulatory mechanisms that are technologically neutral.’ The letter thus recommends that the FCC “withdraw the proposed rule and engage with the [FTC] and state attorneys general to determine the most effective path forward.” An FCC spokesman replied that “we have received the letter and are reviewing it.”