Washington - April
Fools' Day came early last week, as professional lobbyists lit a wildfire of
misinformation about Congress's action - signed into law Monday by President
Donald Trump - to nullify the Federal Communications Commission's broadband
privacy rules. So as the nation's chief communications regulator and the
nation's chief privacy enforcer, we want to let the American people know what's
really going on and how we will ensure that consumers' online privacy is
protected.
Let's set the
record straight: First, despite hyperventilating headlines, Internet service
providers have never planned to sell your individual browsing history to third
parties. That's simply not how online advertising works. And doing so would
violate ISPs' privacy promises. Second, Congress's decision last week didn't
remove existing privacy protections; it simply cleared the way for us to work
together to reinstate a rational and effective system for protecting consumer
privacy.
Both of us
warned two years ago that the FCC's party-line vote to strip the Federal Trade
Commission of its jurisdiction over Internet broadband providers was a mistake
that would weaken Americans' online privacy. Up until that decision, the FTC
was an effective cop on the privacy beat, using a consistent framework for
protecting privacy and data security throughout the entire Internet ecosystem.
Indeed, under that framework, the FTC carried out more than 150 enforcement
actions, including actions against some of the nation's largest Internet
companies.
Public utility
But in 2015, the
FCC decided to treat the Internet like a public utility, taking away the FTC's
ability to police the privacy practices of broadband providers. This shifted
responsibility from the agency with the most expertise handling online privacy
(the FTC) to an agency with no real experience in the field (the FCC). As we
feared, this 2015 decision has not turned out well for the American people.
During the Obama
administration, the FTC concluded that "any privacy framework should be
technology neutral" because "ISPs are just one type of large platform
provider" and "operating systems and browsers may be in a position to
track all, or virtually all, of a consumer's online activity to create highly
detailed profiles." But the FCC didn't follow this guidance. Instead, it
adopted rules that would have created a fractured privacy framework under which
ISPs would have been subject to one standard and content providers would have
been subject to another. The Obama FTC, in a unanimous bipartisan comment,
criticised this approach as "not optimal." In Washington-speak,
that's a major rebuke.
The FCC's
regulations weren't about protecting consumers' privacy. They were about
government picking winners and losers in the marketplace. If two online
companies have access to the same data about your Internet usage, why should
the federal government give one company greater leeway to use it than the
Internet service providers should be treated differently because they have
access to more of your personal information than companies such as Google and
Facebook. But that's not true. As Peter Swire, President Bill Clinton's chief counsellor
for privacy and President Barack Obama's special assistant for economic policy,
explained in a paper he co-wrote for Georgia Tech's Institute for Information
Security and Privacy, "ISPs have neither comprehensive nor unique access
to information about users' online activity. Rather, the most commercially
valuable information about online users . . . is coming from other contexts,"
such as social-media interactions and search terms.
Others argue
that ISPs should be treated differently because consumers face a unique lack of
choice and competition in the broadband marketplace. But that claim doesn't
hold up to scrutiny either. For example, according to one industry analysis,
Google dominates desktop search with an estimated 81 percent market share (and
96 percent of the mobile search market), whereas Verizon, the largest mobile
broadband provider, holds only an estimated 35 percent of its market.
As a result, it
shouldn't come as a surprise that Congress decided to disapprove the FCC's
unbalanced rules. Indeed, the FTC's criticism of the FCC's rules last year
noted specifically that they "would not generally apply to other services
that collect and use significant amounts of consumer data."
Put simply, the
Chicken Little-like reaction doesn't make any sense, particularly when compared
with the virtual silence when the FCC stripped away existing privacy
protections in 2015. But we understand that more needs to be done to protect
online privacy. The American people deserve a comprehensive framework that will
protect their privacy throughout the Internet. And that's why we'll be working
together to restore the FTC's authority to police ISPs' privacy practices. We
need to put the nation's most experienced and expert privacy cop back on the
beat, and we need to end the uncertainty and confusion that was created in 2015
when the FCC intruded in this space.
In short, the
Obama administration fractured our nation's online privacy law, and it is our
job to fix it. We pledge to the American people that we will do just that.
Pai is chairman
of the Federal Communications Commission. Ohlhausen is acting chairman of the
Federal Trade Commission.