When people use the internet, they provide a vast amount of personal, often sensitive information. Ill-protected personal information can result in anything from predatory advertising to fraud. Consumers need strong rules and aggressive agencies to protect their online privacy. The Federal Communications Commission is the agency in charge of implementing and enforcing communications law and regulations. The FCC is ideally situated to protect consumers’ information on communications networks, considering its success in protecting subscribers’ privacy in other areas such as telephone and cable networks.
After the Republican-led Congress rolled back the FCC’s broadband privacy rules in Spring 2017, several members of Congress introduced online privacy legislation to address the gap in consumer protection. Because some of the approaches taken in these bills would potentially weaken or eliminate the FCC’s broadband privacy jurisdiction, it is critical to highlight that the FCC is the agency best suited to oversee broadband privacy. The Commission must maintain its authority to protect consumers not only because it is the expert agency on communications networks, but also because it already has a number of regulatory programs in place to protect consumer privacy.
Under the Communications Act, Congress gave the FCC statutory authority to protect consumer privacy on communications networks. Section 222 of the Communications Act requires telecommunications carriers to protect customer proprietary network information (CPNI) – data collected by telecom companies on their customers. Through this statute, Congress and the FCC emphasized the importance of giving consumers control over how their information is being used. The FCC has effectively exercised its authority under Section 222 to protect consumer privacy on telephone networks for over 20 years, making telephones one of the securest forms of communication.
As Congress could not predict upcoming technological changes, it entrusted the FCC with the authority to determine what type of privacy requirements to place over future communications networks. As a result, the FCC continuously updated its CPNI rules to reflect changes in communications technology. The FCC now has CPNI rules for mobile phones and interconnected voice over internet protocol (VoIP) services. When the FCC reclassified internet service providers as a Title II common carrier service, it made a conscious decision to apply its Section 222 authority over broadband networks and adopted a set of rules. Despite the fact that Congress repealed the broadband privacy rules, the FCC still maintains its authority under Title II to treat the ISPs as common carriers and protect consumer information. The FCC relies on Section 222 to determine the requirements for ISPs to protect consumer privacy, oversee ISPs’ usage of the collected personal information, and ensures they don’t abuse their power.
When Congress repealed the broadband privacy protection rules, it also prohibited the FCC from adopting substantially similar rules in the future. The current administration is also trying to prevent the FCC, the only agency that has jurisdiction over broadband providers, from having the authority to interpret the obligations that ISPs have to protect consumer privacy. Nevertheless, the FCC still has the statutory framework under Title II to apply CPNI authority to broadband, protect consumer privacy, and bring enforcement actions against ISPs. In addition, the Commission maintains its authority to issue guidelines and best practices for consumer data protection.
Moreover, the FCC maintains its general consumer protection authority under Section 201 of the Communications Act. The FCC has used this statute to protect consumers from unjust and unreasonable practices for the last eight decades and recently applied it in the privacy context. In the case of Lifeline low-income telephone services, the FCC found that the ISPs TerraCom and YourTel violated Section 201 by failing to use reasonable data security practices for the protection of consumer information.
In addition to Title II, Congress gave the FCC additional sources of authority to protect consumer privacy on communications networks. The FCC protects the privacy of mobile users and protects the proprietary information of businesses in order to promote competition under Title III of the Communications Act. Similarly, the FCC relies on Section 551 of the Communications Act to protect cable users’ privacy.
Through years of rulemakings and enforcement actions, the FCC has developed the expertise necessary to protect consumer privacy on communications networks. Consumers are concerned about their ability to protect their personal privacy for themselves and their families. According to survey results released by the National Telecommunications Information Administration, a significant number of consumers avoid online activities because of privacy concerns. To foster security, opportunity, and development of the internet, the FCC must continue to have a strong role in protecting broadband privacy. As members of Congress continue to develop online privacy legislation, they should understand the important role the FCC plays in protecting consumer privacy on communications networks.