The Federal Communications Commission is trying to deputize itself as the nation’s Internet data privacy cop.
An Oct. 9 letter by Rep. Marsha Blackburn (R-Tenn.) and 13 other members of Congress called out the agency’s aspirations to become the federal privacy regulator for the Internet. Indeed, Congress never gave the FCC such broad powers.
This absence of legal authority makes the FCC the rogue cop of data privacy. Its unauthorized foray into data privacy poses a real rule of law problem that is snowballing: The FCC asserts data privacy authority through its Open Internet order (2015); its TerraCom order (2015) proposed a $10 million data privacy fi ne despite the lack of any rules on the books; and a recent Lifeline order imposes data-privacy mandates. The FCC’s overreach also encroaches on the jurisdiction of the Federal Trade Commission, with its broader expertise in addressing consumer privacy issues.
It should be the duty of Congress to decide which agency, if any, has jurisdiction over data privacy. Indeed, if new data privacy authority is contemplated, the FTC should be the common enforcer of simple, clear standards to be consistently applied to all digital platforms.
The FCC bases its claims of authority over data privacy on Section 222. In its Open Internet order (2015), the FCC reclassified broadband Internet services as Title II common-carrier telecom services. (This reclassification of broadband is now being challenged in court.) Under that order, the FCC now applies Section 222 to broadband Internet service providers. On May 20, the FCC issued an enforcement advisory on data privacy. The agency has also invoked its self-proclaimed powers over digital privacy in other orders.
Data breaches are very serious, but so are limits on agency jurisdiction. It strains credulity to believe that the lawmaking process can be so easily short-circuited by a sector-specific agency like the FCC claiming to have possessed such broad data privacy powers all this while.
By its terms, Section 222 is limited to customer proprietary network information in the voice communications context. Specifically, CPNI addresses telecommunications providers’ collection and use of individualized consumer data regarding the time and length of calls, phone numbers called and consumer voice billing. (FCC jurisdiction with respect to cable subscriber privacy and DBS subscriber privacy are also circumscribed, under Section 551 and Section 338 of the Satellite Home Viewing Improvement Act, respectively.) CPNI is a different, narrower category than PII.
Seth Cooper is a senior fellow at nonprofit think tank The Free State Foundation.
Weekly digest of streaming and OTT industry news
Thank you for signing up to Multichannel News. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.