Legislation introduced last Friday by House Communications & Technology Subcommittee Chairwoman Marsha Blackburn (R-TN) would give the Federal Trade Commission (FTC) sole jurisdiction over Internet privacy protection. The bill would also require both broadband Internet service (ISPs) and online edge providers to notify customers of their privacy policies and obtain “opt-in” authorization from customers for the collection and usage of sensitive information.

Co-sponsored by Reps. Brian Fitzpatrick (R-PA) and Bill Flores (R-TX), the Balancing the Rights of Web Surfers Equally and Responsibly (BROWSER) Act (H.R. 2520) resurrects many of the online privacy provisions which were enacted last year by the FCC in its broadband privacy order but were repealed last month through a Congressional Review Act (CRA) resolution of disapproval which was signed into law by President Trump. Lamenting that the FCC had effectively “swiped jurisdiction away from the FTC,” which is responsible for enforcing privacy protections for edge service customers, Blackburn—a supporter of the recent CRA resolution—told reporters that the now-defunct FCC order had “created confusion by establishing two privacy regulators.” As she observed that the FCC had also “focused on only one part of the Internet ecosystem and ignored edge provider services which collect as much, if not more data, than ISPs,” Blackburn argued that the BROWSER Act would resolve that issue by “[creating] a level and fair privacy playing field” that brings “all entities that collect and sell the personal data of individuals under the same rules.”

Like the FCC order, the BROWSER Act would require providers to obtain explicit, opt-in consent from consumers before collecting, using or selling sensitive information, which includes web browsing history, social security numbers, geo-location data, and the content of communications. Sale or usage of health information, financial data, information pertaining to children under the age of 13 and other categories of information already deemed sensitive by the FTC would also be subject to opt-in procedures. Providers would be permitted to subject all other categories of information to either opt-in or optout consent. The bill also includes exceptions to consent procedures when information is used for service delivery, billing, prevention of fraudulent use, and for emergency situations that require intervention by medical, fire, and public safety personnel. Stressing that “Internet privacy and security must be a top priority,” Fitzpatrick urged “all House members who are serious about protecting our constituents’ online privacy to join me in advancing this bill.”