Last October, in a vote split along party lines, the Federal Communications Commission (FCC) under then-chairman Tom Wheeler approved a new regulatory regime staking the FCC’s claim to aggressive privacy and cybersecurity regulation of Internet service providers (ISPs). The privacy and cybersecurity rules followed the FCC’s 2015 decision in the Open Internet Order (known as net neutrality) to classify broadband Internet access service as a telecommunications service under Title II of the Communications Act.
One effect of the FCC’s 2015 Open Internet Order was to remove the Federal Trade Commission’s (FTC) oversight of ISPs by classifying them as common carriers exempted from Section 5 of the FTC Act. The FCC’s new privacy regime thus sought to fill the privacy gap left by the agency’s classification decision, but the FCC’s privacy rules went far beyond the guidelines established by the FTC. The FCC’s rules would firmly establish the FCC as the toughest privacy regulator in the Internet ecosystem by imposing significantly more onerous and restrictive requirements for use and collection of consumer data on ISPs than the FTC imposed on their non-ISP competitors who also collect, use, and share consumer data.
The FCC’s privacy rules share some characteristics with the FTC’s longstanding regulation in this space, including requiring fixed ISPs and mobile data carriers that offer broadband services to obtain affirmative opt-in consent from consumers prior to using, sharing, or selling sensitive information. The FCC’s definition of sensitive information, however, is far more
The FCC’s rules are on the books now, with the substantive requirements scheduled to take effect in stages over the course of 2017. Several parties have filed petitions for reconsideration that are currently pending before the agency.
Following the change in administration and the ascendancy of new FCC chairman, Ajit Pai, the status of the FCC’s new privacy regime (and the agency’s decision to classify ISPs as common carriers under Title II) is in question. On March 1, 2017, the FCC entered an interim stay of the new rules related to data security, which
It remains to be seen whether and how the FCC ultimately will revise its privacy and