This week, Congress voted to strike down the Federal Communications Commission’s controversial 2016 Internet Privacy Rules under the Congressional Review Act. As of this writing, President Trump is expected to sign the measure into law.
Given the highly political nature of anything involving the word “privacy”, the usual net-roots crowd has been lighting up the internet with tails of the coming broadband privacy apocalypse by rogue Broadband Service Providers (“BSP”). To calm things down a bit, perhaps some perspective is in order.
First and foremost, as we have observed before, the common currency in the internet age for both “edge” providers such as Google and the operators of “core” broadband networks such as Verizon and CenturyLink is information to provide consumers with enhanced online experiences. Given Americans’ voracious use of the internet, and what our browsing and buying habits say about us, common sense would dictate that the U.S. Government’s approach to the complex issue of consumer privacy should be comprehensive and not piecemeal: for industry-wide problems we need industry-wide solutions, not unique rules for one kind of company and different rules for another.
Second, the FCC under former Chairman Tom Wheeler didn’t care less about cohesive policy approaches. Rather than attempting to harmonize its privacy policy with the approach taken by the Federal Trade Commission that already oversees online privacy issues, the Commission decided to re-invent the wheel and write its own set of draconian rules creating gaps and inconsistencies with the FTC’s approach.
Third, the FCC’s privacy rules were just bad rules. As I detailed repeatedly elsewhere, the FCC’s privacy rules were an excellent example of politically-driven asymmetrical regulation specifically designed to transfer economic profits from the core of the network to the edge. In plain English, the FCC’s rules were designed to help edge companies like Google protect their market share against competition from BSPs like AT&T. In so doing, the Commission perversely provided further incentive for BSPs to reduce network investment.
Finally, the CRA at issue does not change the state of the governing law. This is because the CRA is not designed to re-write an administrative agency’s governing statute, but to provide Congress with a direct oversight mechanism to review and disapprove how an administrative agency implements its governing statute. According to the CRA, if Congress disapproves of a specific rule, then an administrative agency may not reissue that rule “in substantially the same form….” Under the statute’s plain terms, however, the CRA does not prohibit an agency from taking another bite at the apple with a substantially different analytical approach. What happened this week, therefore, is that Congress recognized the folly of the FCC’s asymmetrical privacy approach, and directed Commission to go back to the drawing board (and, ideally, harmonize its approach with the FTC).
While the hyperbole is running hot and heavy right now, we are far from a looming privacy apocalypse. This week’s CRA is just another step in a protracted and complex policymaking process.
It is not the last.