It is not even Inauguration Day, but the open season on telecom regulations developed during the Tom Wheeler era at the FCC has already begun! On January 3, 2017, several ISP and cable associations including The Internet and Television Association (NCTA) and the US Telecom Association (USTA) filed Petitions for Reconsideration requesting the Commission to significantly modify its November 2, 2016 ISP Privacy Order in Docket 16-106.

The ISPs and cable companies allege there are several major flaws in the Order and argue that the FCC should align ISP privacy rules with the less onerous rules currently used by the Federal Trade Commission (FTC) to regulate edge providers.

In their filings, the petitioners make the following arguments.

[The Privacy Order] exceeded the scope of the Commission’s authority under Section 222 of the Communications Act. Section 222 was designed to apply only to voice telephony services...The Commission’s reliance on Section 222(a) as a source of authority for regulating use and sharing of the personally identifiable information (PII) of broadband customers is likewise unfounded. When Congress acts in the Communications Act to regulate PII, it does so explicitly. Section 222 is aimed at regulating a very specific, narrow set of data – call record information of voice telephony customers – and the language and structure of the Act demonstrate that Congress deliberately chose not to regulate PII under that provision.

[T]he rules adopted in the Order arbitrarily and capriciously depart from the Federal Trade Commission’s (FTC) long-standing and effective privacy framework applicable across the Internet (including to ISPs, which the FTC had vigorously studied before adopting its rules), establishing instead an asymmetric privacy regime that will harm consumers, competition, and innovation. Disregarding substantial record evidence showing that ISPs do not have more visibility into broadband customers’ data than other Internet entities, the Order unjustifiably treats ISPs far more stringently than others with similar – or even greater – access to such data. The disparate framework imposed by the Commission reduces consumer welfare by depriving ISPs of the same opportunity to provide their customers with data-driven services and capabilities as other Internet entities while also stifling their ability to provide much-needed competition in the highly concentrated online advertising market. It will confuse consumers by having two markedly different choice mechanisms for the same data sets, while failing to materially improve consumer privacy, since all non-ISPs coming into contact with this data will be subject to less stringent use and disclosure restrictions.

[T]he rules infringe on the protected speech of ISPs in a manner that cannot pass muster under the First Amendment.

[T]he Order establishes unworkable and conflicting data breach and data security requirements that will lead to over-notification to law enforcement and consumers of putative data breaches that do not actually cause harm as well as require ISPs to take measures to secure an impermissibly broad swath of non-sensitive data. (Petition For Reconsideration of NCTA – The Internet and Television Association, filed January 3, 2017, at pp. i-ii.)

Finally, at USTA points out in its Petition, “the Order dispenses with any cost-benefit analysis: it treats even the most ephemeral privacy interest as though it had infinite weight and simply disregards the economic costs of foreclosing productive uses of information.”

One way or another, it is clear that the ISP Privacy Order will not stand. If it so chooses, the Commission can respond to the petitions by authoring its own Order On Reconsideration in which it repudiates all it has written so far about the need for onerous ISP privacy requirements and simply applies the FTC privacy rules to ISPs.

The Commission could also let the ISP Privacy Order take effect and choose to not enforce any of the provisions that do not apply to edge providers under the FTC rules. Then once it (or Congress) eliminates the Title II classification for broadband Internet access service as part of the soon-to-come effort to rewrite the net neutrality rules, control over ISPs as information services automatically returns to the FTC and its privacy rules would apply. The FCC’s Privacy Order would instantly become moot.

Finally, it is also possible that Congress could eliminate the ISP privacy rules if it chooses to get involved with net neutrality as part of a new Telecommunications Act. However, the feeling around Congress is that it will wait to see what the FCC does, before it becomes involved. Thus, this is the least likely scenario.

The ISP privacy Order is the first domino that will fall in 2017. This will certainly be a year of change for the industry as regulations will be seen as enemies of the free market rather than as a protector. We can only hope that Republicans won’t emulate the Democrats and overreach in their anti-regulatory fervor.

By Andy Regitsky, CCMI