privacy_of_mobile_devices

By Shawn Marcum

Even though many businesses collect consumer data, creating a need for consumer privacy protections, the Federal Communications Commission’s (“FCC”) new privacy rules raise a complicated issue concerning conglomerates made up of both telecommunications and non-telecommunications businesses.  The Federal Trade Commission (“FTC”) protects consumer privacy with respect to almost all businesses collecting consumer data, except for businesses defined as telecommunications providers, which are within the regulatory jurisdiction of the FCC.[1]  For decades, the FCC enforced consumer privacy on telephone companies, but it did not do so for Internet service providers (“ISP”) because ISPs were not considered telecommunications providers until recently under the 2015 Open Internet Order.[2]  As a result, a gap of consumer privacy protection now exists that the FCC hopes to close with its recently adopted consumer privacy rules.[3]  In filling this gap, however, the FCC raises the question of whether a telecommunications company subsuming a non-telecommunications company—e.g., AT&T purchasing Time Warner—places the consumer privacy enforcement of the non-telecommunication entity in the domain of the FTC or the FCC.[4]

The FCC simply seeks to apply its regulatory jurisdiction and expertise gained in enforcing consumer privacy protection on the telephone network industry to the broadband Internet industry with its new privacy rules that are supposed to give consumers the ability to choose how ISPs use and share their data while providing ISPs the flexibility to grow and innovate.[5]  According to the FCC, “The rules [. . .] would not prohibit ISPs from using or sharing their customers’ information—they would simply require ISPs to put their customers in the driver’s seat when it comes to those decisions.”[6]  Section 222 of Title II of the Communications Act states that telecommunications providers, which ISPs are now defined as, must protect consumer privacy, and the FCC explicitly states that the scope of the new rules are limited to defined telecommunications providers—i.e., telephone providers and ISPs—and does not include any other type of business within the FTC’s jurisdiction—e.g., websites and edge providers.[7]

Not everyone sees the newly adopted privacy rules as the FCC views them.  Instead, AT&T, for example, believes that companies such as Google and Facebook would be at a competitive advantage because of the way in which AT&T could be regulated under these rules.[8]  Currently, AT&T looks to purchase Time Warner, which should make it more competitive with Google and Facebook because it would have significantly more consumer data to monetize on.[9]  However, the collection of consumer data and how it can be used depends upon the regulatory jurisdiction; FTC would likely regulate the Time Warner side while the FCC would regulate the AT&T side.[10]  To complicate things further, the Ninth Circuit made unclear whether the FTC has any authority over a subsidiary of a telecommunications provider.[11]

As such, the different regulatory jurisdictions could create complex and confusing business models for conglomerates made up of both telecommunications and non-telecommunications companies.[12]  For example, Tim Sparapani of CALinnovates told Bloomberg BNA that as of now, it is unclear whether one part of a company may share consumer data with another part.[13]  Under the FCC rules, “ISPs would be required to obtain ‘opt-in’ consent to use sensitive information,” meaning that ISPs must have the consumers’ affirmed consent before they can use and share consumer data.[14]  These rules, of course, outline what is considered “sensitive information,”[15] but that data may overlap with information that a company may share under the FTC consumer privacy regulatory scheme.  The FCC ensures that its newly adopted rules are “consistent with other privacy frameworks, including the [FTC]’s and the Administration’s Consumer Privacy Bill of Rights.”[16]  However, only time will tell whether this issue will be anything more than theoretical according to critics of the new FCC privacy rules.[17]

[1] See Tom Wheeler, Protecting Privacy for Broadband Consumers, FCC (Oct. 6, 2016), https://www.fcc.gov/news-events/blog/2016/10/06/protecting-privacy-broadband-consumers.

[2] See Fact Sheet: Chairman Wheeler’s Proposal To Give Broadband Consumers Increased Choice Over Their Personal Information, FCC, https://transition.fcc.gov/Daily_Releases/Daily_Business/2016/db1006/DOC-341633A1.pdf (last viewed Oct. 26, 2016) [hereinafter Privacy Rules Fact Sheet]; see also Protecting and Promoting the Open Internet, Report and Order on Remand, Declaratory Ruling, and Order, 30 FCC Rcd. 5601, 5604, 5615, 5747 (2015).

[3] See Wheeler, supra note 1; see also FCC Adopts Privacy Rules to give Broadband Consumers Increased Choice, Transparency and Security for Their Personal Data, FCC News (Oct. 27, 2016), https://transition.fcc.gov/Daily_Releases/Daily_Business/2016/db1027/DOC-341937A1.pdf [hereinafter FCC Adopts Privacy Rules].  See generally, Protecting the Privacy of Customers of Broadband and Other Telecommunications Services, WC Docket No. 16-106, Report and Order, FCC 16-148 (Oct. 27, 2016).

[4] See Lydia Beyoud and Kyle Daly, FCC Privacy Rules Could Hamper AT&T-Time Warner Data Mining, Bloomberg (Oct. 25, 2016), https://www.bna.com/fcc-privacy-rules-n57982079136/.

[5] See Privacy Rules Fact Sheet, supra note 2.

[6] Id.

[7] See FCC Adopts Privacy Rules, supra note 3.

[8] See Beyoud and Daly, supra note 4.

[9] See id.

[10] See id.

[11] See generally, FTC v. AT&T Mobility LLC, 835 F. 3d 933 (9th Cir. 2016).

[12] See Beyoud and Daly, supra note 4.

[13] Id. (“Companies having to collect, store and use customer data in different ways depending on what side of the business collected that data could create engineering headaches and regulatory compliance woes for companies, Sparapani said.”).

[14] See FCC Adopts Privacy Rules, supra note 3.

[15] Id.

[16] Id.  See generally, Protecting the Privacy of Customers of Broadband and Other Telecommunications Services, WC Docket No. 16-106, Report and Order, FCC 16-148 (Oct. 27, 2016).

[17] See Beyoud and Daly, supra note 4.

Share this post