The Federal Trade Commission (FTC) and Federal Communications Commission (FCC) have been active in recent years in bringing consumer protection enforcement actions, with a particular focus on privacy and data security issues. Recent regulatory action from the FCC associated with “net neutrality,” however, has blurred the line as to where each agency’s jurisdiction begins and ends, particularly for companies offering broadband Internet access service. Recognizing this uncertainty, on November 16, 2015, the FTC and FCC announced that the agencies had signed a “Memorandum of Understanding on Consumer Protection.” The MoU set out that the agencies will work together to “coordinate on agency initiatives where one agency’s action will have a significant effect on the other agency’s authority or programs.”
In February 2015, the FCC adopted the “Open Internet Order,” which reclassified “broadband Internet access service” as a telecommunication service subject to “common carrier regulation” under Title II of the Communications Act of 1934. In the Open Internet Order, the FCC made broadband Internet access service providers subject to certain key consumer protection provisions of Title II, including 47 U.S.C. § 201(requiring that “all…practices…shall be just and reasonable, and any such…practice that is unjust or unreasonable is declared to be unlawful”), and 47 U.S.C. § 222, which addresses the treatment of “customer proprietary network information” (CPNI).
While the FCC’s reclassification is currently being challenged before the D.C. Circuit, it has had the important effect of stripping the FTC of jurisdiction over entities that provide broadband Internet access service – at least in part. The FTC’s so-called Section 5 authority proscribes “unfair or deceptive acts or practices in or affecting commerce” and provides the FTC with general jurisdiction over entities that participate in interstate commerce. 15 U.S.C. § 45(a). However, the FTC’s Section 5 authority does not extend to “common carriers subject to the Acts to regulate commerce,” which includes the Communications Act. 15 U.S.C. §§ 44, 45(a)(2).
- This is not the first time the FTC has been stripped of jurisdiction for consumer protection in certain sectors; indeed, the FTC-FCC MoU follows the FTC’s pattern of executing such agreements with successor agencies that are given a primary oversight role, such as the Consumer Financial Protection Bureau. It is clear that the FCC will seek to leverage and build on the FTC’s legacy of aggressive consumer protection enforcement over broadband Internet access service providers using its own authorities. The MoU calls for general coordination between the agencies, and includes concrete steps such as allow the FCC to access and contribute to the FTC’s “Consumer Sentinel Network,” an online database of consumer complaints.
- There is significant uncertainty as to how the FCC will exercise its newfound consumer protection authority over broadband Internet access providers. Indeed, rulemaking implementing the CPNI statute has slipped the FCC’s own expressed timetable of “autumn” 2015. In the meantime, the FCC has issued an enforcement advisory directing broadband Internet service providers to take “reasonable, good faith steps” to protect consumer privacy.
- Jurisdictional uncertainty between the FTC and FCC remains. While the FCC is clearly in the drivers’ seat when it comes to regulating the “common carrier” aspect of broadband Internet access service providers, recent court decisions may encourage the FTC to argue that it has not been fully divested of oversight power over entities that provide a common carrier service. In March 2015, the Northern District of California deniedAT&T’s motion to dismiss the FTC’s complaint regarding the alleged throttling of customer data plans for lack of jurisdiction over “common carriers.” While this case interpreted the scope of the FTC’s authority prior to the Open Internet Order, AT&T was already regulated as a common carrier in connection with its provision of telecommunications (telephony) services. The court held that the FTC’s Section 5 authority “can be applied to an entity that has the status of a common carrier so long as what is being regulated is the entity’s non-common carriage services.” This line may be difficult to draw, as the FTC’s 2014 investigation into the security protocols used on Verizon routers illustrates. The FTC would likely argue that routers are not properly considered to be part of the “broadband Internet access service.”
- The MoU states the agencies’ joint view that “the FTC Act does not preclude the FTC from addressing non-common carrier activities engaged in by common carriers,” and that action by one agency or the other should not be taken to be a limitation on the authority available to the other. The MoU goes on to state that to the extent that both the FCC and FTC have authority to address the same conduct, they will follow the processes in the MoU. While these are not set forth in the MoU in great detail, it does call for the agencies to conduct joint enforcement activities and coordinate public statements.