We write to express our strong appreciation for your continuing oversight of the Federal Communications Commission’s (“FCC’s” or “Commission’s”) proposed broadband privacy rules. We are at a time of critical importance in the FCC’s proceeding. Approximately six weeks remain before the FCC is expected to vote on final rules.
Even before this proceeding began, the undersigned associations urged the FCC to develop a framework consistent with the Federal Trade Commission (“FTC”) approach that applies to the rest of the Internet ecosystem. The proposed FCC broadband privacy rules, however, impose unnecessary and unjustified restrictions on Internet Service Providers (“ISPs”), and deviate from the bipartisan privacy framework that has been successfully enforced by the FTC against ISPs and others throughout the Internet ecosystem for decades and that was endorsed by the Obama Administration after considerable examination.
In their comments to the FCC, the FTC highlighted several concerns with the proposed FCC rules. In particular, the FTC noted that the proposed FCC rules do not distinguish between sensitive and non-sensitive data with regard to appropriate consumer choices. As a result, the FTC recommended that “the FCC consider the FTC’s longstanding approach, which calls for the level of choice to be tied to the sensitivity of data [e.g., financial, health, children’s information]” and that “opt-out is sufficient for use and sharing of non-sensitive data.” As FTC Commissioner Maureen Ohlhausen warned, “the differences between the FTC’s approach and the proposed FCC approach . . . may not best serve consumers’ interests.” And, just a few weeks ago at the Technology Policy Institute, FTC Chairwoman Edith Ramirez noted that such “a large discrepancy” between the two approaches “isn’t optimal.” We ask that the Committee explore this discrepancy at the hearing to ensure that the FCC is not creating a framework that departs from the FTC’s and Administration’s approach.
A sensitivity-based approach with regard to consumer choices has long been the foundation of U.S. and international privacy laws. A departure from this approach, as reflected in the FCC’s proposed rules, would be radical and undermine the dynamic Internet economy. As explained by numerous experts on the record in the FCC’s proceeding, a regime that imposes the same obligations on sensitive and non-sensitive data would increase costs on consumers, for example, by making it harder for consumers to learn about innovative new products or discounted pricing options, and by blocking ISPs from bringing new competition to the online advertising market.
We also ask the Committee to examine how the proposed FCC rules would significantly limit ISPs from marketing their other products and services to their existing broadband customers, by burdening that marketing with opt-in consent in most instances. Consumers can benefit, including from reduced costs, by receiving first-party marketing from ISPs about their other offerings, such as home security, energy efficiency products, or music services. Both the FTC and the Administration concluded in their 2012 privacy reports that ISPs and other companies should be permitted to offer such marketing to their customers based on implied consent. As the Administration’s report explained, “[C]ompanies may infer consent to use personal data to conduct marketing in the context of most first-party relationships, given the familiarity of this activity in digital and in-person commerce, the visibility of this kind of marketing, the presence of an easily identifiable party to contact to provide feedback, and consumers’ opportunity to end their relationship with a company if they are dissatisfied with it.”
Another important issue that we urge you to consider is the FCC’s criticism and possible banning of discounts for personalization—the offering of customer discounts in exchange for the use of their information. This is a common value exchange recognized in both the offline and online marketplaces, and millions of consumers take advantage of such savings in rewards, loyalty, and other such programs across many industries; singling out ISPs to either prohibit or limit this practice will deprive consumers of potential cost-saving benefits. ISPs, of course, should provide consumers clear explanations of how these programs work, so that consumers can make informed choices.
In addition, in whatever action the Commission takes, it should account for and alleviate the additional burdens new rules place on smaller ISPs, including by exempting them from compliance with the most onerous aspects of rules. The Committee explored this issue in depth at its July hearing on the Commission’s privacy proposals, and numerous members, from both sides of the aisle, expressed concern about the impact of new rules on smaller ISPs and their customers. We believe it would be worthwhile for the Committee to again raise its concerns with the Chairman and Commissioners at tomorrow’s hearing.
Finally, as the Committee delves into the proposed FCC rules, it is important to note the impact of this proceeding on the international privacy landscape. The U.S. government earlier this year concluded its negotiations with the European Commission on the EU-U.S. Privacy Shield. That program is now up and running, but widely expected to be challenged in European courts. The cornerstone of that program is that the FTC’s privacy regime effectively protects consumer privacy. There have already been questions raised in the EU about the impact of the FCC’s broadband privacy proceeding and the extent to which it undermines U.S. claims regarding the adequacy of the FTC’s approach. We can expect such questions to continue, creating unnecessary risks regarding the legal viability of important mechanisms, such as the Privacy Shield, on which many U.S. companies rely to facilitate trans-Atlantic data flows.
We again thank the Committee for providing oversight of the FCC on this important issue of broadband privacy.