Last week, Washington DC hosted the International Association of Privacy Professionals (IAPP) Global Privacy Summit 2017, where privacy experts gathered to learn, discuss and debate issues concerning current policy and regulatory trends on privacy and security.
Acting Chairman of the Federal Trade Commission (FTC), Maureen Ohlhausen participated in a panel discussion with her former FTC colleague Julie Brill, where she talked about the FTC’s current and future consumer protection work. Ohlhausen talked about the current situation surrounding the role of the Federal Communication Commission (FCC) and the Federal Trade Commission on regulating privacy with respect to Internet Service Providers (ISPs).
Let’s recap for a second: in 2015, the FCC’s decision to “reclassify” ISPs as “common carriers” affected the FTC’s authority to protect consumers’ privacy in their interactions with their ISPs. Consequently, in 2016, the FCC decided to implement formal rules in order to close the consumer protection gap created by the reclassification. But, the new rules only applied to ISPs, leaving out edge providers such as Google, Netflix, Amazon and so on. As a consequence, Congress decided to use the Congressional Review Act (CRA) to roll back the FCC’S 2016 privacy rules. However, this action has generated mixed-reactions among stakeholders and policymakers. Some argue the CRA has created an authority gap leaving consumers’ privacy in the limbo. Others, like FCC Chairman Ajit Pai and Ohlhausen, argue this action is as an opportunity to come up with a “comprehensive framework” to level the playing field between ISPs and edge providers.
Just a couple of days before the IAPP Privacy Summit, FTC Commissioner Terrell McSweeny, at an event hosted by New America and Public Knowledge, addressed this very issue, arguing that by rolling back the FCC privacy rules, Congress has shifted the burden of privacy protection on consumers, rather than on industry giants. McSweeny questioned the expertise of the FTC in handling “network engineering” issues; she claims that even if the FTC would be granted jurisdiction over “common carriers,” it would be a mistake to eliminate the FCC’s 2015 Open Internet Order. She also questions whether antirust law enforcement alone would be sufficient to address net neutrality concerns.
Contrary to McSweeny’s views, Ohlhausen defends the recent congressional action, and hopes that the FCC or Congress will reinstate the FTC’s jurisdiction to protect consumers’ privacy. Ohlhausen told the IAPP’s audience the CRA did not create a gap in privacy protections, but rather this gap has existed since 2015 as consequence of the Open Internet Order. She points out that the biggest and most important divide between the FCC and FTC privacy framework resides in their definition of sensitive information. For instance, the FTC’s privacy framework balances consumers’ privacy with their personal preferences regarding price, efficacy, safety, flexibility and reliability, while the FCC disregards consumers’ choices. When she was asked whether the FTC would be capable of enforcing privacy protections under the current budgetary constrains, and if necessary to police net neutrality, she didn’t hesitate to give an affirmative answer. Ohlhausen believes the FTC has the necessary tools not only to police ISP privacy activities, but also net neutrality, where antitrust and market forces could effectively promote competition.
While this conversation is not over, we will be paying close attention to the next steps that regulators and policymakers in the US will take to ensure consumer privacy protection, and a level-playing field for all the players in the internet ecosystem.