COLUMN: Build upon Uniform, Workable Privacy Framework to Protect Consumer Data
Americans rightfully expect for their private internet data to be protected from fraud or theft under a clear, transparent framework for all business conducted on the Internet. Rules that protect personal data online should be uniform, and I support a strong framework across federal agencies to enforce standards that protect personal data from inappropriate and deceptive business practices.
For years, the Federal Trade Commission has been the agency charged with enforcing consumer data security and preventing deceptive business practices or misuse of consumer data online. In fact, the FTC has taken many enforcement actions that stress that companies must respect their customers’ individual privacy. One example is the FTC enforcement of a case against a social media company to resolve charges that the company deceived consumers by telling them they could keep their information private, and then repeatedly allowing that information to be shared and made public. The FTC acted rightly in this case on behalf of protecting consumers.
At the very end of the Obama administration, a separate agency, the Federal Communications Commission (FCC), finalized a new broadband privacy rule that applied solely to Internet Service Providers (ISPs). The implementation of the rule was paused, however, before it ever went into effect.
Upon learning of the proposed rule, the FTC, which has been protecting and enforcing online privacy for years through a comprehensive framework, criticized the FCC broadband rule because it would create an inconsistent set of standards. The broadband rule would mean that consumer data would be treated differently in regards to ISPs versus internet content providers such as social media sites and web browsers. By characterizing the effect of the rule as “not optimal,” the FTC found the uneven outcome this rule would create for consumer data as problematic. It should be very clear to consumers which entities have access to use of data for commercial, social, or innovative purposes and consumers should have a consistent standard on how to control their privacy across platforms. The FCC rule, had it gone into effect, would have muddied those waters.
The reversal of the FCC’s new broadband rule, which I supported, returns ISPs to the same rules that have applied to internet content providers for years. ISPs continue to be subject to enforcement of federal privacy protections. To further ensure privacy protections, last month, top officials at the FTC and FCC committed to harmonizing privacy rules so that data protections are consistent from one agency to another. I support improving that agency-to-agency effort to make consumer protection rules apply across the board to internet service providers as well as other internet content providers so consumer have confidence that their data is protected .