This week, the House of Representatives followed the Senate in voting for a resolution that throws out Obama-era regulations that would have banned your internet service provider from selling your web browsing history to advertisers. What possible reason could Congress have for repealing such a consumer-friendly policy? The refrain on the House floor yesterday was "consistency."
"What America needs is one standard across the internet ecosystem," said representative Greg Walden (R-OR). If services like Google and Facebook can turn data into profit, the logic goes why can't the cable companies?
But the House's resolution doesn't actually apply a single, consistent standard to the internet. It maintains the broken status quo, one in which internet service providers aren't actually at a disadvantage to websites and apps. If anything, they're held to a lower standard.
There's a growing awareness that you pay for "free" services like Facebook and Google by allowing them to serve up targeted advertisements, based on the data they collect from you. You might not be fully aware of the extent to which Facebook can track you across the web, but it does at least nag you to double check your privacy settings. Google, likewise, has made recent advertising expansions expressly opt-in.
But your internet services aren't free. You probably already pay handsomely for your home broadband and wireless data plans. There's no built-in expectation that your providers will "double dip" by selling your data and collecting advertising fees. But under the current law, it's entirely acceptable for them to do so, as long as there's at least some cryptic mention in the fine print of your contract.
The Federal Communications Commission rules that Congress voted to jettison would have changed that. Had the rules gone into effect, internet providers would have had to seek your opt-in permission before selling your data. Google and Facebook would still have been subject to Federal Trade Commission rules that only require that you be able to opt-out. Republicans argue that because these rules aren't perfectly consistent, consumers would be confused and, therefore, the less strict rules should be restored.
Leaving aside whether it makes sense to regulate websites and internet providers in exactly the same way---and whether it makes sense to lower the privacy bar for internet providers rather than raise it for websites---the GOP's line of reasoning has another problem. The resolution, which President Trump's advisors are urging him to sign, won't actually restore the FTC's authority to regulate internet providers. An appeals court decided last year that only the FCC can regulate "common carrier" telecommunications services, and throwing out the FCC's privacy rules doesn't change that. That means the rules for websites and apps ("edge providers," in legal lingo) will be just as inconsistent with those covering internet providers as they would have been had the FCC's privacy rules taken effect.
For years, ISPs operated under FTC guidelines that require companies to get your explicit permission before selling certain types of information, such as your social security number, medical records, or your location. At the same time, these rules didn't require similar opt-in permission to sell your web browsing history.
In 2015, the FCC reclassified broadband internet providers as common carriers, and then last year set about creating a new set of privacy rules that were stricter than those of the FTC. Specifically, the rules would have added browsing history to the list of things that companies needed opt-in permission to sell. But because of the appeals court decision ruling that the FTC has no authority to regulate common carriers, internet providers---unlike sites like Google and Facebook---currently don't have any guidance as to what information they can or can't sell.
That's not to say that internet providers can do anything they please. Even without the new rules, the FCC has case-by-case authority under the Communications Act of 1933 to go after companies that violate their customers' privacy, or engage in unfair or unjust practices, explains Dallas Harris, a policy fellow with consumer advocacy group Public Knowledge. The agency used that authority last year when it fined Verizon for collecting customers' web browsing data without even mentioning it in their fine print, let alone giving them the chance to opt out. Still, without clear rules as to what counts as an invasion of privacy, consumers too often are left guessing about how providers can use their data.
A few possibilities exist for closing this gap and restoring consistent rules. The FCC could issue new privacy guidelines and hope they aren't struck down for being too similar to the rescinded rules. Congress or the FCC could also try reversing the 2015 decision to reclassify internet providers as common carriers. But because the country's largest internet providers also sell voice services, the courts may still rule that the FTC has no authority to impose privacy rules. In that case, Congress could pass new legislation that would give the agency authority over common carriers.
That still wouldn't stop your ISP from selling your data without asking for explicit permission. But it would restore some semblance of order to the rules. If politicians were serious about consistency and restoring the FTC's authority, they should have started with that. Instead, they chose a path that preserves inconsistency and creates even more confusion. The only thing it clarifies is that your privacy remains as compromised as ever.
