Over the objections of FCC Commissioner Mignon Clyburn and some Senate Democrats, the FCC voted 2-1 Wednesday to issue a temporary stay of certain data security regulations that were adopted by the FCC in its October 2016 order on broadband privacy. FCC Chairman Ajit Pai and his Republican colleague, FCC Commissioner Michael O’Rielly, had dissented against the FCC’s 3-2 decision last fall to approve rules that would require broadband Internet service providers (ISPs) to obtain affirmative “opt-in” permission from their customers before sharing sensitive personal data with advertisers and other third parties.
Although the FCC built the rules upon the “sensitivity” model that is used by the Federal Trade Commission (FTC) in its oversight of websites and other edge providers, Pai, O’Rielly and opponents of the rules contend that the FCC exceeded the FTC’s framework by including web browsing data, app usage history, and the content of e-mail communications in the category of sensitive information that requires opt-in consent. As stated in an FCC news release, the rules to be stayed—which otherwise would have gone into effect yesterday— would have “subjected [ISPs] to a different standard than that applied to other companies in the Internet ecosystem by the FTC.” Other rules promulgated under the October 2016 order that have already been implemented or are scheduled to go into effect later this year are not affected by the temporary stay, which will remain in place “until the Commission is able to act on pending petitions for reconsideration.” The FCC further noted that ISPs will continue to be subject to the requirements of Section 222 of the Communications Act as well as “other applicable federal and state privacy, data security and breach notification laws.”
In a joint statement with acting FTC Chairwoman Maureen Ohlhausen, Pai cited the FTC’s “long track record of protecting consumers’ privacy and security throughout the Internet ecosystem” in arguing that ultimate jurisdiction over broadband ISP privacy and data security “should be returned to the FTC.” Emphasizing that the FCC and the FTC “are committed to protecting the online privacy of American consumers,” Pai and Ohlhausen pledged to work together during the temporary stay in “harmonizing the FCC’s privacy rules for broadband providers with the FTC’s standards for other companies win the digital economy,” adding: “it does not serve consumers’ interests to create two distinct frameworks—one for [ISPs] and one for all other online companies.”
However, while wireline and wireless carriers and other broadband service providers applauded the FCC’s move, Clyburn lamented in a dissenting statement that the stay leaves “broadband customers without assurances that their providers will keep their data secure.” Writing to Pai Tuesday in an unsuccessful effort to persuade the FCC against proceeding with the stay, Senators Ed Markey (D-MA), Richard Blumenthal (D-CT), Elizabeth Warren (D-MA) and Al Franken (D-MN) advised that “privacy protections and data security simply cannot be put on hold” as they pointed to “the mounting number of data breaches impacting consumers throughout the country.”