How Washington is throwing away its shot at protecting your privacy
When Congress killed Federal Communications Commission rules that would stop internet providers from selling your browsing history to advertisers, supporters of that move told upset internet users to cheer up.
Now, they all said, we could finally protect your privacy everywhere online! Instead of having rules that constrained only internet providers while letting sites and apps have fun with your data, we’d get our shot to develop a comprehensive privacy framework for all these companies.
Two months later, something interesting has happened: A Republican member of the House has introduced a bill that would do just that. And many of the people who had so much to say about online privacy in March have nothing to say about this bill… which suggests it will fare as well as other attempts to write new privacy laws.
Then: We can hit the reset button!
The votes by House and Senate Republicans at the end of March quashed one attempt to protect privacy online.
Rules that the FCC had first proposed last March would have required your internet provider to get your permission before selling information about your use to advertisers (it could still employ that data to market its own telecommunications services to you). The rules said nothing about an app or a social network’s use of your data, because the FCC doesn’t have authority over them.
But because the FCC didn’t adopt these “opt-in” privacy rules until October, Congress could cancel them with a simple vote under the Congressional Review Act of 1996. As that vote neared, many business groups touted it as a necessary push of a reset button that would clear the way to comprehensive rules for both internet providers and sites.
For example, in a March 23 email from the 21st Century Privacy Coalition, co-chair Mary Bono said this vote would allow Washington to “develop a comprehensive approach to consumer online privacy.” A March 23 email from the U.S. Chamber of Commerce backed “a uniform approach to data that respects innovation.”
Likewise, a March 27 announcement from the cable-industry group NCTA cited that organization, the Consumer Technology Association and the wireless group CTIA as favoring “developing a truly comprehensive and effective privacy framework for the entire internet based on the successful FTC approach.”
And the Internet Innovation Alliance sent out its own email April 3 endorsing “a consistent broadband privacy framework that protects data and continues to promote internet innovation.”
Now — crickets
That brings us to the introduction two weeks ago of a new bill by Rep. Marsha Blackburn (R.-Tenn.). Blackburn’s BROWSER Act of 2017—as in, “Balancing the Rights of Web Surfers Equally and Responsibly”—would apply an opt-in standard to both providers and sites.
As it states on page 3, both an ISP and a site “shall obtain opt-in approval from a user to use, disclose, or permit access to the sensitive user information of the user.”
Blackburn was not the representative most people expected to see introduce a bill like this. She not only sponsored the resolution that erased the FCC privacy rules, but she also has a history of taking the telecom industry’s side (not to mention its cash).
“I think it’s safe to say that the Blackburn bill surprised the companies it would regulate, including most ISPs and edge providers alike,” Matt Wood, policy director for Free Press, said in an e-mail. That digital-rights group has its own history of opposing Blackburn, but Wood said “many substantive ideas in the bill are good.”
You’d think this bill would warrant a comment by the trade groups that had supported developing a uniform privacy standard—or the internet providers that had pledged in January to operate by an opt-in standard.
You would be wrong. Spokespeople for the 21st Century Privacy Coalition, NCTA, CTA, the Chamber, and Comcast all said they had yet to take a stance on the bill, which has drawn four Republican co-sponsors to date. CTIA did not respond to queries but has yet to post anything about Blackburn’s proposal either.
(Disclosure: I’ve spoken at multiple NCTA and CTA events.)
IIA publicist Lauren DuBois did, however, write in an email that the group “welcomes Rep. Blackburn’s privacy initiative” as a step to establish the same consumer privacy protections for all service providers across the internet.”
Change is hard
That doesn’t mean Blackburn’s bill is a great one or even that it will go anywhere. Wood said he didn’t like the bill’s preemption of any state privacy laws. Electronic Frontier Foundation legislative counsel Ernesto Falcon voiced the same concern. He added that internet providers, which play a much larger role in any one person’s online experience than any one site, deserve stricter regulation.
But Blackburn’s bill—along with a somewhat similar bill called the MY DATA Act introduced in April by Sen. Richard Blumenthal (D.-Conn.), a less surprising supporter of privacy legislation—represents something much more substantive than the vague promises of future action we’ve heard before.
I trust that the companies and groups that worked so quickly to dismantle the FCC’s privacy rules can find something to say about it. Any day now, right?
Email Rob at [email protected]; follow him on Twitter at @robpegoraro.
More from Rob: