The so-called broadband “privacy” rules passed by the Federal Communications Commission during the last administration were a sham. Congress made the right move on Tuesday by voting to get rid of them.
The Federal Trade Commission has been protecting consumer privacy for the last decade, and there has been no indication that another agency needed to step in. The left now is trying to claim that privacy protections were lost as a result of the vote in Congress, but that is false. The rules never went into affect, which means no one lost any of the protections that were vacated.
{mosads}Some have claimed there will be a “privacy vacuum,” which is also incorrect. The FTC uses what is generally called a sensitivity-based approach and a harms-based approach to protecting consumer privacy. It focuses on what data are held, the level of data sensitivity, and how consumers are affected if the data are misused.
This takes varying consumer preferences into account by requiring “opt-out” for most instances of data collection, and “opt-in” for particularly sensitive types of data. This allows innovation based off of consumer data in non-sensitive areas, like weather, sports, shopping etc. and has stronger protections for data that consumers deem actually confidential, like financial and health records.
Plus the Gramm Leach Biley Act (GLBA) governs financial information privacy, and the Health Insurance Portability and Accountability Act (HIPAA) covers private health data. Both function on an opt-out basis and the rules apply no matter who holds the data.
Contrary to these major privacy regimes, the FCC rule functioned on an entirely opt-in basis, and only applied the rules to one part of industry, ISPs. The FCC focused on who had the data, not what the data is about.
Again, there is not a privacy vacuum when it comes to broadband providers.
First, it is true that the FCC stole the Federal Trade Commission’s ability to create regulations for ISPs on privacy. However, regulation doesn’t just come in the form of prescriptive rules.
The FCC still has authority over broadband providers if they violate existing established privacy standards. If an ISP behaves badly with private information, don’t think that the FCC won’t or can’t act. They will.
Further, we should not make the mistake in thinking that if someone violates rules and gets caught, then more regulations are needed. This scenario actually means that the rules are working. But in the case of the FCC rules, there hasn’t even been a privacy violation to trigger the creation of the rules.
The FTC structure has worked well through vast changes in services offered over the internet, while still punishing bad actors. Plus, when it comes to health data HIPAA still stands, and the GLBA still protects financial data. The Congressional Review Act used by Congress to negate the rules did nothing to interfere with other regimes governing privacy.
If the FCC were allowed to pursue these rules it would create confusion through varying regimes for different parts of communications industry because the FCC’s rules zero-in on who holds the data, not what the data are.
By using the CRA, Congress signals that it did not dictate to the FCC to regulate privacy, and that the FTC is the proper agency of jurisdiction. The effort, which was led by Sen. Jeff Flake (R-Ariz.), Rep. Marsha Blackburn (R-Tenn.), and Rep. Greg Walden (R-Ore.) is a positive for consumer privacy and innovation. Not a negative.
On top of all of that, our goal is to slash the cost of government by eliminating unnecessary regulations. Duplicative regulations that confuse an already functioning ecosystem surely fall into the superfluous category.
The FCC is no poster child for efficiency for that matter. FCC Commissioner Mike O’Rielly has pointed out that the FCC, through information gathering requests alone, requires 73 million hours and $800 million just to fill out requests. The Competitive Enterprise Institute found that in FY 2015 the FCC spent around $464 million in regulatory development and enforcement, and it accounts for more than $100 billion annually in regulatory and economic impact.
It’s pretty clear that the Obama FCC’s aim was to expand its power, not to protect consumers. It used the hot-button word “privacy” to disguise the power grab.
Katie McAuliffe is federal affairs manager at Americans for Tax Reform and executive director of Digital Liberty.
The views expressed by contributors are their own and are not the views of The Hill.