FCC’s New Privacy Mandates – What’s Next, Internet Czar?

Today, the Federal Communications Commission (FCC) unveiled a proposal to regulate how broadband providers may collect and use their customers’ information. These rules, which the FCC’s five commissioners will vote on later this month, mark the agency’s first major attempt to expand its power over the Internet since its controversial February 2015 decision to reinterpret federal law as authorizing the Commission to regulate Internet service providers as public utilities. That move, which FCC Chairman Tom Wheeler justified as necessary to protect so-called “net neutrality,” came after the Obama administration intervened in the FCC’s rulemaking process to insist the agency adopt a heavy-handed approach to Internet regulation.

According to the agency, the new rules will give consumers the “tools they need to make informed choices about how and whether their data is used and shared by their broadband providers.” But since 1986, when Congress passed the Electronic Communications Privacy Act, it’s been illegal for a service provider to “intercept” any “electronic communication”—including Internet traffic—without first obtaining “prior consent” from “one of the parties to the communication.” In other words, your broadband provider can’t monitor your Internet traffic without your consent, except in very limited circumstances (for example, when a court orders interception of your traffic, or your provider needs to monitor it for cybersecurity purposes).

Why, then, does the FCC claim new regulation is necessary to ensure consumers are informed of whether and how their data is used? The agency, it seems, wants to make it a lot harder for providers to get consumers’ consent to serve advertisements based on their Internet usage. However, due to the rise of ubiquitous online encryption, broadband providers have less and less access to the data they need to deliver targeted ads—as law professor and privacy guru Peter Swire explained in a recent paper. Still, even when providers do access data and serve up targeted ads, consumers are not likely to suffer any harm (albeit with some caveats).

If anything, relevant ads are a net benefit; after all, irrelevant ads are the alternative. But the FCC wants to bar providers from using data to deliver ads for third-party products unless a consumer “opts in” to such collection. This mandate is more likely to scare consumers than it is inform them about the real privacy equation.

If the FCC’s impending privacy rules are approved, the agency will further entrench its role as the Internet’s regulator. What’s next for Chairman Wheeler? Perhaps the FCC will break its promise not to regulate the prices charged by Internet providers, as Professor Daniel Lyons predicted last year. Or it may begin restricting the ability of providers to offer usage-based tiers, which let subscribers who transmit less data pay less than more intensive users. These types of regulation would further constrain experimentation with different business models among broadband providers, thwarting potentially pro-consumer service offerings that have yet to emerge. (The same has been said about net neutrality regulation itself.)