Last night, President Trump quietly signed away our broadband privacy protections. The rules, passed by the Federal Communications Commission in October 2016, were years in the making, but only took a month for Congress and President Trump to dismantle. This unprecedented situation merits a further review.
How Did We Get Here?
In 2015, the FCC properly classified broadband providers as common carriers. This brought broadband providers squarely under the jurisdiction of the FCC and subjected them to certain privacy requirements under the Telecommunications Act. That is why in October of 2016, after multiple rounds of comment periods, the FCC passed the rules clarifying exactly what a broadband provider’s obligations to protect its customer’s information are under the law.
Unfortunately, after Republicans took control of Congress and the White House, they dusted off a rarely used law called the “Congressional Review Act” (CRA). The CRA allows Congress to summarily eliminate certain regulations passed by agencies. Additionally, the CRA not only makes it like the regulations were never passed in the first place, but also prevents agencies from passing “substantially similar” rules in the future. Prior to this administration, the CRA had only been used once, mostly because it’s a heavy-handed, blunt instrument that ties an agency’s hands.
The FCC’s privacy rules were the strongest online privacy protections to date, but now that Congress has passed the CRA and President Trump has signed it into law, you’ll never get to enjoy these protections. Here’s why and how it affects you.
What Does This Mean For You?
Let’s start with the protections you would have enjoyed if Congress hadn’t eliminated them. Broadband providers would have been required to get your consent before using sensitive information like your web browsing history, location, financial information, and health information. When it comes to non-sensitive information, broadband providers could have used that data on an opt-out basis. The rules also would have required broadband providers to take reasonable measures to protect your data and notify you in the event of a data breach. Sounds reasonable, right?
Apparently, certain members of Congress thought this common-sense rule was too much of a burden for broadband providers, so instead of having more control over how your information is used, now you have less. Under federal law, broadband providers can now use your personal, sensitive information without asking your permission first. That means the default as to whether a broadband provider can use your health information to market to you is set to yes. If you are a privacy-conscious consumer, you will have to navigate your broadband provider’s website to find the option to opt out, which they have every incentive to make as difficult as possible.
The biggest problem with the repeal of this privacy rule is that broadband providers are now empowered to interpret their privacy obligations to consumers since the FCC’s interpretation is null and void. Each broadband provider gets to decide what type of information they are required to protect, what kind of consent they need to get from their customers, and what security measures they are obligated to maintain. That means one broadband provider might interpret IP addresses as protected information, while another may feel they have no obligation to protect that information under the law. In the words of the incomparable Harold Feld, “Broadband providers have promised to let you know if they start using that info. But since there is no actual penalty now for breaking that promise, it’s as reliable as ‘we will totally be at your house between 8 a.m. and noon.’”
What’s Next?
Is all lost? Should we pack up our proverbial ball and go home? Is the idea of privacy dead in the digital age? The answer to all of these questions is a resounding “No!” The FCC still has an obligation to ensure that broadband providers are keeping your information protected. If you aren’t already following the FCC Commissioners on Twitter, now is the time. Make sure they know where you stand on this issue. Keep calling your members of Congress to voice your displeasure. Donate to public interest organizations (like Public Knowledge!) that are working to protect your privacy. Push Congress to try something new, like actually passing legislation that protects the privacy of Americans.
In the meantime, download an ad blocker, buy a VPN, or opt-out of your broadband provider’s information sharing. These aren’t perfect solutions, but Congress has put Americans in the difficult position of finding imperfect ways to protect their sensitive information.
Image credit: Nick Youngson