We live in a world of smartphones, smart grids and smart cars, where companies store, collect and share more information than man has ever known. “Big data” has become such a big part of our lives and lexicon that it is no longer ominous. In fact, every time we swipe our credit cards, give our phone number to grocery clerks or merely visit our favorite website, we tacitly add to the big data pile.
The new social contract
In this new Age of Enlightenment, we abide by a simple social contract: Companies give us their goods and we give them our data. Nobody knows the true cost of the information we relinquish in this exchange, but that seems to be no deterrent. While the equity of the exchange is debatable, the loss of privacy is not.
{mosads}When it comes to the internet, our barter becomes more complex. Scores of invisible intermediaries in the online ecosystem have the ability to access and collate high volumes of data through tools and techniques unseen and unknown to most of us. Analytic technology allows Google, Yahoo and Facebook, for example, to track our searches, scan our email, cross-reference our contacts and mine our data to deliver ads and make lots of money based on what we do online. The breadth and depth of information amassed by Google, alone, surpasses everything collected by all retail, financial, media, healthcare, telco, communications, utility, entertainment and nonprofit firms combined. Oh, and that goes for the U.S. government. too.
Data for goods
Google and others offer an opaque suite of free, easy and consumer-friendly apps which are must-have accoutrements of modern communication. From email to social media to mobile music, who can imagine daily life without them? Yet when consumers blithely accept those freebies, we consent to a constructive social contract. Relinquishing personal information as a condition of free and continued use concedes privacy.
But this cozy compact is beginning to fray. Today’s digitally conscious consumers expect and demand more control over their own data. They want to determine when, where and how they interact electronically with banks, stores and advertisers. Even though collected data can inform innovation and improve services, transparency, choice and consent are the consumer mandates of the day. We have seen the global fallout when massive databases are breached, and witnessed the sad standoff between Apple and the FBI over a deadly terrorist’s cellphone data. Yet, even as new revelations unfold on data security, most Americans are lost in the cloud(s) when it comes to the rules affecting their privacy.
Privacy enforcement
Up to now, the Federal Trade Commission (FTC) has been the prime protector of consumer privacy. For decades, the FTC has shaped the privacy landscape through its balance of consumer and commercial rights, law enforcement and policy advocacy. It has embraced effective self-regulation in several industries, and has encouraged the adoption of strong, company-wide privacy programs with independent monitors. When warranted, it has brought enforcement actions against the likes of Google and Facebook, requiring companies to obtain consumers’ express consent before materially changing their data practices. It has prosecuted online advertising networks that failed to honor opt-outs, and made sure that a consumer’s choice not to be tracked by advertisers is respected. It has challenged applications that set default privacy settings in a way that cause consumers to unwittingly share their personal data, and sued companies for failing to maintain reasonable data security.
When it comes to enlightened policy and consumer education, the FTC has convened dozens of surveys, workshops, conferences and reports on the panoply of privacy and data security issues. It has testified before Congress and provided thought leadership and practical guidance to other governmental agencies, including the Federal Communications Commission (FCC) and the European Union. Consumers and businesses have come to rely on the insightful instruction on its website, and the volumes of plain-language reports it regularly publishes. It is home to the federal government’s largest roster of legal, economic and privacy experts. As far as privacy goes, no other agency even comes close. The FTC has set global standards and proven itself fair, nonpartisan and business-agnostic.
Enter the FCC
Thus, it was curious when the FCC began its recent quest for enhanced privacy authority under the leadership of Chairman Tom Wheeler. Reaching for the barest statutory thread, the agency has sought to weave a case for a role in privacy enforcement, rivaling the FTC. Its recent actions have prompted many in Congress and industry to ask: why this, and why now?
In truth, very few experts have embraced the FCC’s claim to become another cop on the privacy beat, especially when the FTC has such a command over the territory. While privacy and data security are among the most compelling policy challenges in today’s world, we wonder what additional capacity the FCC brings to the fore. Beyond the prospect of creating confusion, redundancy or conflicting regulations, some suggest not very much at all.
Let’s face it: Aside from Wheeler, the weight of the FCC’s privacy enforcement really rests with one man, Travis LeBlanc. He is a privacy expert nonpareil, a former assistant attorney general in California who has investigated scores of privacy cases. LeBlanc is also a former Justice Department official and prosecutor par excellence, who is an affable professional and legal scholar with sterling credentials to rival any in the world.
After nearly two years as head of the FCC’s Enforcement Bureau, Travis has racked up more fines and gored more oxen than the last three Enforcement Bureau chiefs combined. He has gone up against gargantuan conglomerates and returned with the prize. And he has stood eye-to-eye with the congressional defenders of the republic and not blinked. After his mercurial term expires later this year, he surely will head to the legal or political pantheon to shine even brighter, and continue his fight for truth, justice and the American way. The chairman will not be far behind.
And then what?
On the horizon
What happens to FCC privacy enforcement when these two crusaders move on to greener pastures? What happens when the new FCC chairman (and there will be a new chairman in 2017), questions the FCC’s claim to privacy jurisdiction or even Title II? Will the current engagement with privacy end with a tryst with Travis?
These are among the questions being whispered in the legal and policy galleries as the FCC reaches for power patently beyond its grasp. The new Notice of Proposed Rulemaking (NPRM) on Broadband Consumer Privacy rests, many argue, on a tenuous accretion of authority via Title II and a legal predicate accepted by few in industry. To say that its privacy jurisdiction is well-grounded would be balderdash, although the FCC goes to great lengths to overcompensate for the possibility that its fundamental premise could be undermined on appeal.
But alas, as John Adams advised in his 1774 seventh “Novanglus” letter, “we are a government of laws, not of men.” So it does little good today to speculate whether the FCC can deputize itself or even enlarge its coasts on privacy enforcement. Nor can we direct the FCC to defer to the experts at the FTC because they wear the whole armor. Only Congress and the courts have the power to save the republic from a regulatory coup that has been raised under cloak of consumer protection. In the privacy crucible, there are many battles yet to be joined, and this one may be extinguished with the short passage of time.
Hoffman is chairman of Business in the Public Interest and an adjunct professor of Communication, Culture and Technology at Georgetown University. A former FCC and congressional lawyer, he is the author of “Doing Good: The New Rules of Corporate Responsibility.”