Posted on Mar 01 2017
By Jeff Flake
March 1, 2017
When you shop online from your tablet or browse the internet on your smartphones, you expect your personal data to be secure. Technology companies invest billions of dollars on data security to protect consumer privacy.
Privacy is also a cornerstone of consumer protection, with federal enforcement agencies striking an appropriate balance between innovation and security in their regulations. But just as a flawed line of code can render a new firewall program useless, the new privacy rules that were rushed through in the waning days of the Obama administration risk crashing our longstanding privacy-protection regime.
For two decades, the Federal Trade Commission has been America’s sole online privacy regulator. Under the FTC’s watch, our internet and data economy has been the envy of the world. The agency’s evidence-based approach calibrates privacy and data-security requirements to the sensitivity of information collected, used or shared online, and applies protections in a consistent and evenhanded way across business sectors. Consumer behavior demonstrates the success of the FTC’s regulatory approach: Each day people spend more time engaging in online activities.
But in 2015, in a bid to expand its own power, the Federal Communications Commission short-circuited the effectiveness of the FTC’s approach by reclassifying internet service providers as common carriers, subject to Title II of the Communications Act.
In taking that unprecedented action, the FCC unilaterally stripped the FTC of its traditional jurisdiction over ISPs. The FTC can no longer police the privacy practices of providers, leaving us with a two-track system under which the FCC applies its own set of rules for ISPs while the FTC monitors the rest of the internet ecosystem.
Even after the 2015 power grab, the FCC could have simply adopted as its own the FTC’s successful sensitivity-based model of privacy regulation. Instead—after last year’s election—the FCC finalized privacy regulations that deviate extensively from the FTC framework in several key respects.
The FCC rules subject all web browsing and app usage data to the same restrictive requirements as sensitive personal information. That means that information generated from looking up the latest Cardinals score or checking the weather in Scottsdale is treated the same as personal health and financial data.
The new rules also restrict an ISP’s ability to inform customers about innovative and cost-saving product offerings. So much for consumer choice.
The FCC’s overreach is a dangerous deviation from successful regulation and common-sense industry practices. But don’t just take my word for it. The FTC concluded that the FCC’s decision to treat ISPs differently from the rest of the internet ecosystem was “not optimal”—agency-speak for “a really bad idea.”
Outside of the FTC’s well-founded concerns, the new rules are also a departure from bipartisan agreement on the need for consistent online privacy rules. President Obama noted in 2012 that “companies should present choices about data sharing, collection, use, and disclosure that are appropriate for the scale, scope, and sensitivity of personal data in question at the time of collection.” In other words, privacy rules should be based on the data itself.
But that’s not how the FCC sees it. The commission’s rules suffocate industry and harm consumers by creating two completely different sets of requirements for different parts of the internet.
To protect consumers from these harmful new regulations, I will soon introduce a resolution under the Congressional Review Act to repeal the FCC’s flawed privacy rules. While the resolution would eliminate those rules, it would not change the current statutory classification of broadband service or bring ISPs back under FTC jurisdiction. Instead, the resolution would scrap the FCC’s newly imposed privacy rules in the hope that it would follow the FTC’s successful sensitivity-based framework.
This CRA resolution does nothing to change the privacy protections consumers currently enjoy. I hope Congress and the FCC will continue working together to address issues of concern down the road. However, it is imperative for rule-making entities to stay in their jurisdictional lanes. We need to reject these harmful midnight privacy regulations that serve only to empower bureaucrats and hurt consumers.
Click here to view the original article.