Not So Fast on FCC Privacy Regulation

We expect regulators, at least those within a single administration, to speak with a common voice.

So when the Federal Trade Commission staff took the unprecedented action of criticizing proposed Internet privacy rules being considered by the Federal Communications Commission, it became clear we must hit the pause button.

The FTC is this nation’s leading privacy enforcer, with expertise based on decades of careful enforcement action. When the FTC speaks, we must listen carefully — not because the FTC gets every issue right, but because of its longstanding expertise.

The FTC’s main point is simple and compelling — it makes no sense to have one set of privacy standards for broadband providers and a different, inconsistent set for everyone else. With diplomatic understatement, the FTC comments call that patchwork approach to consumer protection “not optimal.” Inconsistent regulation creates barriers to competition and innovation. Why should one set of competitors be handicapped, like making them run while carrying a refrigerator on their back?

Consumers are obviously going to be confused if two different sets of rules apply to their data on different parts of the Internet. Recent survey data submitted to the FCC shows that 94% of Internet users believe “all companies collecting data online should follow the same consumer privacy rules.”

The FTC also explains how the FCC’s patchwork approach will distort markets for advertising and other services online, arbitrarily applying different rules to different competitors. Many companies are able to offer free or low-cost products by collecting data consumers don’t consider sensitive. The FCC approach destabilizes this market by creating an arbitrary patchwork of regulation.

Beyond this inconsistency, the FTC also questions the basic substance of the FCC rules, which abandon the bedrock FTC principle that the protection given consumer data should be based on consumer expectations regarding its sensitivity. Under the FTC approach, things like financial and medical information receive a higher level of protection, but more mundane data like the kinds of websites or ads a person clicks on receive somewhat less.

The FCC proposes to replace that system with much broader “opt-in” requirements that ignore the sensitivity of the data. But unmooring the level of data protection from consumer expectations is counterproductive and wrong — 83% of consumers believe online privacy should be based on the sensitivity of data, not the kind of company or organization gathering it. As one FTC commissioner put it, the FTC filing “politely recognizes that the FCC’s current proposal would impose more restrictions than are necessary to protect consumer privacy in many cases, and yet would fail to protect consumer privacy in others.”

When I was in the leadership of the FTC, we often filed comments guiding states or other regulators to recognize the need for regulatory humility. Regulations and legislation can become permanent impediments to competition.

When the nation’s leading consumer-protection enforcer says you’ve gotten it wrong, it’s time to rethink and return to the drawing board.

David Balto is a former policy director at the Federal Trade Commission and a former attorney in the Justice Department’s antitrust division.