Connect with us

Privacy

Federal Trade Commission Should Make Privacy Rules Against ISP Data Collection, Experts Say

To protect consumers in the digital revolution, experts say serious federal action on privacy can lead the way.

Published

on

Photo of Alan Butler, executive director of the Electronic Privacy Information Center

WASHINGTON, November 30, 2021 – Privacy experts are calling on the Federal Trade Commission to start the process of empowering itself to penalize internet service providers that collect unnecessary data from their customers to push targeted advertisements.

While discussions on privacy matters have overwhelmingly been focused on big technology companies and how they use customer data, experts at a Federal Communications Bar Association privacy symposium on November 16 said ISPs should be in the crosshairs of federal regulators.

Specifically, according to Alan Butler, president of the Electronic Privacy Information Center, unnecessary ISP data collection “demands action” from the FTC.

“The current status is that internet service providers are within the jurisdiction of the FTC and the FTC should act” and not wait for other federal actors to initiate ISP consumer privacy rules, said Butler. In 2017, Congress voted to disallow the Federal Communications Commission, which regulates the telecom space, from making regulations on protecting ISP consumer privacy, leaving the door open for the FTC to regulate providers’ privacy practices.

But there’s a wrinkle. While the agency can investigate and penalize business practices that are “unfair” and “deceptive,” according to the Federal Trade Commission Act, the FTC cannot issue its own federal privacy rules under its current consumer protection authority. To do that, the FTC would need to initiate a policy-making process by which the agency develops and issues regulations, which can then become federal policy.

Some experts think the FTC would be the best entity for developing such rules and should start the process, while others think the FTC’s regulatory process wasn’t made to give the agency its own privacy authority.

A separate federal agency for privacy regulation

As the FTC could receive funding to establish a privacy bureau under the House of Representatives’ reconciliation bill, Butler left open the question of whether the FTC should proceed by issuing broad privacy regulations or whether it should be should be “parsed out” into specific issues.

“The FTC has to adopt rules that establish fair data practices and seek to protect secondary data uses and sensitive data,” such as customers’ biometric and demographic data, he said. Butler said FTC privacy regulations would be a “temporary solution,” but there must be a separate federal agency that regulates privacy in the United States. “Funding for an FTC privacy bureau in the reconciliation bill is an important step forward,” he said.

The law at play for an FTC privacy authority

The FTC’s ability to regulate privacy would be governed by the Magnuson-Moss Warranty-Federal Trade Commission Improvement Act. The Magnuson-Moss Act is notorious for adding several steps beyond the normal federal policy-making process, including a requirement that the FTC must find the problematic conduct to be “prevalent” in the marketplace.

“Magnuson-Moss was designed to choke off the FTC’s ability to engage in rulemaking,” said Georgetown law professor David Vladeck. Issuing privacy rules from the FTC would hard, he says, because the FTC must clear substantial hurdles before it can enforce any privacy rules.  “There’s a clear implication that the FTC is not able to promulgate a rule unless it can prove to a court after the rulemaking is done that the intrusive conduct is ‘prevalent.’ Well, Congress doesn’t define ‘prevalent,’” he added.

Butler argued that finding prevalence of data abuse won’t be hard. “The FTC wouldn’t struggle to find issues that are endemic to the industry,” he said. “The [agency] is capable of finding that its widespread use of location data unrelated to the use of the service as prevalent in the marketplace, and online behavioral tracking.” Thus, Butler argues, the FTC would be able to prove that data abuse substantially harms consumers and correctly uses its [proposed] authority to enforce privacy rules against technology companies.

Earlier this year, FTC chair Lina Kahn approved revisions to its Magnuson-Moss procedures, making it easier for the FTC to conduct its process for developing and issuing privacy rules. The rules grant the chair the authority to serve as the Chief Presiding Officer of the rulemaking hearing process, grants the commission the authority to control the conduct of the informal hearings, and eliminates a rule requiring the commission staff to publish a report analyzing the final rule before it is established as official agency policy.

Kahn said the changes to the rulemaking process will remove “extraneous and onerous procedures” that only delay the issuance of FTC rules.

FTC process could “surface” issues

Despite the difficulty of issuing privacy regulations, Vladeck said there may be value in initiating the process anyway, including “to surface the issues” of privacy and data collection by ISPs.

Vladeck highlighted “illegal dark patterns” as an example of a narrow issue the FTC can go after. The FTC characterizes “dark patterns” as methods companies use to keep consumers trapped in subscription services.

“The FTC is the only policeman on this beat,” Vladeck said, adding it could act as an effective enforcement regime against data abuses that affect consumers.

Robocall

Public Knowledge Urges VoIP to Be Regulated Under Title II to Stop Robocalls

Title II would require VoIP services to be subject to stronger regulations already in place for telecommunication providers.

Published

on

Photo of Harold Feld, Senior Vice President of Public Knowledge

WASHINGTON, August 18, 2022 – Public Knowledge is asking the Federal Communications Commission to classify facilities-based voice over Internet protocol services under Title II of the 1934 Communications Act, which it said would help the commission tackle robocalls.

The non-profit public interest group last week amended a March petition to the agency narrowing the field of VoIP providers to be captured under its proposal to facilities-based interconnected VoIP services, which require a broadband connection for real-time voice communications on the public telephone network. That’s instead of a broader field including non-interconnected services, which allow voice communications through a device not connected to the phone network, like gaming consoles.

Title II specifies authority given to the FCC to regulate “common carriers” – utilities such as landline phones, telecommunication services, and electricity. Currently, VoIP services are not included in any specific classification. Instead, the FCC relies on rules based on its ancillary authority given under Title I of the Communications Act, which provides less regulatory authority to the commission.

If classified under Title II, VoIP providers would be beholden to service quality regulations, such as the prevention of ever-increasing robocalls, and to regulations ensuring affordable access to infrastructure for competitive carriers, Public Knowledge said in its petition.

The organization also said that new categorization would prevent a “crisis of legal authority” for the FCC, which already makes VoIP services subject to certain Title II regulations, such as contributions to the basic telecommunications program, the Universal Service Fund. Currently, Public Knowledge argues, regulations governing VoIP services are a collection of ad hoc rulings based on ancillary authority.

Lack of classification ‘threatens’ FCC ability to fulfill legislative mandate

Congress “deliberately used expansive terms” when defining telecommunications in the Telecommunications Act of 1996, which gave the FCC authority to regulate sectors within the communications industry, said the March petition. “At a minimum, Congress intended the FCC to regulate any service that behaves like a traditional telephone service – regardless of the underlying technology – as a telecommunications service,” read the petition.

Yet despite a lack of meaningful difference between VoIP and traditional telephone services, the FCC continues to treat VoIP services differently, said the petition. This “failure” of the FCC to classify VoIP under Title II allegedly frustrates the commission’s ability to effectively address robocalls and makes uncertain whether the commission preempted its authority to regulate VoIP services.

“The FCC’s failure to classify facilities-based interconnected VoIP threatens the ability of the FCC to fulfill the most basic responsibilities entrusted to it by Congress,” stated the petition.

The burden of Title II

In a blog post on the matter, communications law firm CommLaw group argued that Title II VoIP providers would likely be required to obtain FCC approval prior to transfers of assets and mergers and acquisitions, which it said would slow transaction speed considerably. Furthermore, it could open the door to “increased state regulatory oversight, requirements, and burdens,” it added.

Earlier this month, Democratic Senators introduced a bill that would give the FCC regulatory authority over broadband by classifying those services as Title II. It would allow the commission greater regulatory authority to make internet service providers respect principles of net neutrality, which prohibit providers from throttling traffic on their networks, participating in paid prioritization, or blocking of any lawful content. The bill, however, has been met with opposition.

Continue Reading

Privacy

Online Protections for Children Bill Passes Committee Despite Concern over FTC Authority

Opposition to a reformed COPPA include the ability of the FTC to enact broad rule-making.

Published

on

Photo of Senator Edward Markey, D-Mass.

WASHINGTON, July 28, 2022 – The Senate Committee on Commerce, Science and Transportation approved two online privacy protection bills in a Wednesday markup, including an update to legislation that will increase the age for online protection for children.

An update to the Children and Teens’ Online Privacy and Protection Act (S.1628) – which originally passed in 1998 but had amendments proposed last May – would see the age of protections increase from 13 to 15, meaning large internet companies will be prohibited from collecting the personal information of anyone under 16 without consent and ban targeted marketing to those children. The bill passed via voice vote.

Other provisions in the bill include a mandate to create an online “eraser button” that will allow users to eliminate personal information of a child or teen; implement a “Digital Marketing Bill of Rights for Minors” that limits the collection of personal information from young users; and establish a first-of-its-kind Youth Privacy and Marketing Division at the FTC,” according to a summary of the bill’s key components.

“The Senate Commerce Committee this morning took a historic step towards stopping Big Tech’s predatory behavior from harming kids every day,” Senator Edward Markey, D-Mass., who introduced the amendments, said Wednesday.

The other bill, the Kids Online Safety Act (S.3663), will give parents enhanced control over their children’s online activities to “better protect their health and well-being.” The bill, introduced by Senator Richard Blumenthal, D-CT, and Senator Marsha Blackburn, R-TN, passed 28-0.

The bill would put in place additional safeguards and tools, such as platforms giving minors options to protect their personal information and to disable recommendations.

“I don’t think we’ve ever had a piece of legislation that has had such strong support across groups across the country” “Parents want a tool kit to protect their children online,” Senator Blumenthal said during Wednesday’s hearing.

The bills now move to the Senate floor.

Concern about FTC authority under new COPPA

Under COPPA 2.0, the FTC authority includes determining what are “unfair or deceptive acts” in marketing practices and enforcing violations. In May, the agency put out a policy statement specifying its focus on enforcing the existing version of the bill.

Some senators voted against passing COPPA 2.0 over concern that it would give the Federal Trade Commission too much rule-making authority.

Senator Blackburn said there should be more restrictions on the ability of the FTC to make rules so there wouldn’t be overreach.

Similarly, Senator Mike Lee, R-UT, said he was not able to support the bill during markup because he is concerned about “giving a blanket ruling power to the FTC.

“We are at our best when we carefully consider legislation and don’t rush through it,” Lee said.

Continue Reading

Cybersecurity

Rep. Swalwell Says App Preference Bill Will Harm National Security

‘I just want to limit the ability for any bad actor to get into your device.’

Published

on

Photo of Representative Eric Swalwell, D-Calif.

July 27, 2022 – Antitrust legislation that would restrict the preferential treatment of certain apps on platforms would harm national security by making more visible apps from hostile nations, claimed Representative Eric Swalwell, D-Calif, at a Punchbowl News event Wednesday.

The American Innovation and Choice Online Act is currently under review by the Senate and, if passed, would prohibit certain online platforms from unfairly preferencing products, limiting another business’ ability to operate on a platform, or discriminating against competing products and services.

The legislation would ban Apple and Google from preferencing their own first-party apps on their app stores, which would make it easier for apps disseminated from hostile nations to be seen on the online stores, Swalwell said.

“[Russia and China] could flood the app store with apps that can vacuum up consumer data and send it back to China,” said Swalwell, adding that disinformation regarding American elections would spread. “Until these security concerns are addressed, we should really pump the breaks on this.”

Swalwell asked for a hearing conducted by Judiciary Committee of the House with the National Security Agency, Federal Bureau of Investigation, and Homeland Security officials to lay out what the bill would mean for national security.

“I just want to limit the ability for any bad actor to get into your device, whether you’re an individual or small business,” said Swalwell.

Lawmakers have become increasingly concerned about China’s access to American data through popular video-sharing apps, such as TikTok. Last month, Federal Communications Commissioner Brendan Carr called for Apple and Google to remove the app on the grounds that the app’s parent company, ByteDance, is “beholden” to the Communist government in China and required to comply with “surveillance demands.”

The comments follow debate surrounding the bill, which was introduced to the Senate on May 2 by Sen. Amy Klobuchar, D-Minn., on how it would affect small businesses and American competitiveness globally.

Continue Reading

Recent

Signup for Broadband Breakfast

Get twice-weekly Breakfast Media news alerts.
* = required field

Trending