The House of Representatives voted late last month to eliminate Internet service provider privacy rules, following the Senate vote to take the same action. The House voted 215-205, with most Republicans voting to eliminate them and all Democrats voting to preserve them, while Senate voted 50-48 in favor of repealing them. This legislation, named S.J. Res. 34, has now been put into effect by President Donald Trump with his signature on April 3rd, with his actions in line with the Senate and House votes. Of course, this was met with mixed feedback from Republicans, Democrats, and privacy advocates alike.
The rules issued by the Federal Communications Commission last year would have required home Internet and mobile broadband providers to get consumers’ opt-in consent before selling or sharing Web browsing history, application usage history, and other private information with advertisers and other companies, as well as including new requirements for ISPs to notify customers if their data was breached. These rules would have gone into effect as early as December 4th this year. However, lawmakers used the authority they had under the Congressional Review Act to pass a joint regulation ensuring the rules “shall have no force or effect” and that the FCC has no power to issue similar regulations in the future. Without these privacy laws, ISPs can analyze their customers’ Web history and deliver personalized advertisements without consent.
Republicans praised Trump’s move as a step in the right direction. FCC Chairman Ajit Pai stated, “President Trump and Congress have appropriately invalidated one part of the Obama-era plan for regulating the Internet. Those flawed privacy rules, which never went into effect, were designed to benefit one group of favored companies, not online consumers.” The Data & Marketing Association, one of six trade groups urging Congress to pass S.J. Res. 34, said, “The House and Senate got it right on the ISP regulations. If these rules were to be enacted, they would disrupt the framework that has allowed the marketing ecosystem to responsibly use data to develop vital services that consumers now rely upon while also injecting dynamic innovation and growth into the U.S. economy.” Rep. Michael Burgess (R-Texas) stated the FCC’s laws “arbitrarily treat Internet service providers differently from the rest of the Internet.”
On the other hand, Democrats and privacy advocates have not taken kindly to the ruling. “President Trump has signed away the only rules that guarantee Americans a choice in whether or not their sensitive Internet information is sold or given away,” said Chris Lewis, vice president of consumer advocacy group Public Knowledge. When the House voted last month, Rep. Michael Capuano (D-Mass.) challenged Republicans to “leave Capitol Hill for five minutes” and “find three people on the street” who want ISPs collecting and selling their browsing histories. House Minority Leader Nancy Pelosi (D-Calif.) said that Americans’ private browsing history should not be up for sale and the overwhelmingly majority of American people disagree with this notion.
Other Republicans argued that the Federal Trade Commission should be the agency to regulate ISPs, as it already regulates other companies’ privacy practices. However, in order to relay that power to the FTC, the FCC would have to reclassify ISPs—effectively removing net neutrality rules—and further congressional action may be needed to give the FTC authority due to a court ruling in August last year stating AT&T was exempt from FTC oversight. Although they have not crafted any other alternative regulations as of now, they also have argued the FCC and the FTC should cooperate to create a new set of privacy rules. Pai stated he wanted the American people to know that the FCC will work with the FTC to ensure the protection of consumers’ online privacy through a consistent and comprehensive framework, and the best way to do it is to return jurisdiction over these privacy practices to the FTC, where it has “decades of experience and expertise in this area.” Compared to the FCC’s ruling, the FTC guidelines are less strict: they recommend opt-in consent for very personal information like Social Security Numbers, but allow an opt-out system for everything else like browsing data. While Pai opposes opt-in requirements, privacy advocates say that customers should be given a choice before their browsing data is shared or used for personalized advertising, as consumers are often unaware that opt-out systems even exist.