Consumers Deserve Consistent Privacy Protections on the Internet

security blog

In a vibrant, fast-changing Internet economy, companies should be transparent about their data practices, provide consumers with choices on how their data is used, and work hard to keep data secure. Consumers also deserve consistent privacy protections across the Internet for the information they deem private and sensitive, no matter how or with whom they share it. Protections should be based on the type of information collected, not the type of business holding it. And privacy norms should apply uniformly so that consumers do not have to guess about their privacy protection depending on the platform they are using.

Broadband providers or ISPs, as a subset of the Internet economy, have a long history of protecting consumer privacy and strong incentives to preserve their customers’ trust and loyalty with respect to protecting their data. The FCC’s heavy-handed proposal to place unique privacy restrictions on ISPs does not arise out of any action taken by such companies. It is entirely a consequence of the FCC’s reclassification of broadband providers as common carriers under the Communications Act. Instead of constructing a whole new regime, the Commission should focus on restoring the unified privacy policy regime applicable to all parts of the Internet ecosystem so that consumers once again benefit from one set of privacy policies and standards.

A month ago, a cross-section of the broadband industry put forward a broadband privacy proposal for the FCC to consider as it moves forward with adopting broadband privacy rules. This proposal is guided by principles of transparency, data security, and consumer choice.  It calls for harmonizing FCC rules with the already successful FTC privacy framework, which is backed up by strong enforcement for unfair or deceptive acts or practices. This well-tested model benefits everyone by safeguarding privacy interests and ensuring that companies are held accountable for their privacy commitments. This approach fulfills Internet users’ already established expectation that their data is subject to consistent privacy rules regardless of whether it is used by an ISP, an application, an operating system, or an edge provider.

Unfortunately, the FCC’s proposed direction appears misguided. It responds less to actual facts about how a variety of entities collect and use personal data online and reacts more to the distortions and fear-mongering by groups with a concerted agenda to demonize ISPs for who they are, not for what they do.

Hopefully, as the comment period proceeds, more sober reflections will allow the agency to fully consider approaches that better promote the value of consistency, both as a matter of consumer protection and as a matter of fair competition. We urge the agency to take into account the recent research done by Georgia Tech which discusses the technological and marketplace realities of who has access to what information on the Internet. Simply put, ISP access to data is not unique and it is not comprehensive. If the objective is to protect consumers’ privacy online, the Commission should be guided by facts and the real-world implications of new privacy regulations. It should take a technology neutral approach by treating companies with access to similar user information the same. This is not a new concept. The White House’s privacy blueprint and consumer bill of rights establishes a framework based on avoiding inconsistent standards for similar technologies and giving consumers a consistent set of expectations.

As we’ve seen with almost every other Internet technology evolution, the key is to promote flexibility for companies to meet the privacy and security needs of their customers while allowing them to innovate and adapt to technology and market changes. The Internet has flourished in this environment, and there is no reason for the FCC to abandon it now.

The bottom line is we should all be focused on the core privacy principles outlined in the industry proposal: transparency, security, easy-to-understand choices, and respect for the context in which the consumer provides his or her information. But it is equally important that government policy promote a consistent set of expectations and protections for consumers across the Internet to achieve these goals.