The Federal Communications Commission (FCC) voted 2-1 today to stay the implementation of requirements approved last year that mandate that telecommunications carriers, including ISPs, take “reasonable measures to protect customer [proprietary information] from unauthorized use disclosure or access”. Under the FCC’s reclassification decision, ISPs are now “telecommunications carriers” for certain aspects of the Communications Act. The data security requirement, which was a component of an extensive set of privacy rules adopted by the FCC prior to President Trump’s election, was to have taken effect on 2 March 2017. The Republican Commissioners, now the majority, had both voted against the adoption of those rules. In a news release, the FCC stated, “the Commission’s stay will provide time for the FCC to work with the [Federal Trade Commission] to create a comprehensive and consistent framework for protecting Americans’ online privacy.
The Federal Trade Commission had proven to be an effective cop on the beat for safeguarding digital privacy.” This may be but the first step in likely regulatory surgery on the FCC rules, the real substance of which are not scheduled to take effect until later this year. In the meantime, the Commission noted that “ISPs have been – and will continue to be – obligated to comply with Section 222 of the Communications Act and other applicable federal and state privacy, data security, and breach notification laws. In addition, broadband providers have released a voluntary set of ‘ISP Privacy Principles’ that are consistent with the Federal Trade Commission’s long-standing privacy framework.” For other telecommunications carriers, the Commission’s pre-existing rules governing data security will remain in place.