ONLINE PRIVACY – For Sale or at Risk?

There has been some reporting lately on recent legislation passed in the House of Representatives that has eliminated online privacy rules adopted last October by the Federal Communications Commission.  The very short story is that Internet Service Providers, who were required under those FCC rules to obtain the express consent of customers before selling search information and other data, will not be required to do so.

There are two schools of thought on this action.  On the one hand, privacy proponents are concerned that repealing the rules further erodes consumer privacy to an alarming degree.  The Electronic Frontier Foundation has been very vocal on the point.  The EFF has pointed out that without the rules in place, ISPs will be able to do some creepy things in its view.   A big concern for the EFF is that ISPs will be able to review a consumer’s browsing history and then inject ads into the consumer’s traffic based on that history.  ISPs could also insert undetectable   and undeletable tracking cookies to monitor a consumer’s browsing history.  These are sometimes called “zombie cookies” because they cannot be killed.  Yikes.

On the other side of the coin are the folks at RedState, who believe the concern is overblown.   In their view, this is simply a matter of leveling the playing field.  Google and Facebook, who gather and sell consumer data as an integral part of their business models, aren’t subject to the FCC rules.  The reason for this is that ISPs are considered “common carriers” (indeed, several of them – AT&T and Verizon for example – offer phone service). That designation makes ISPs subject to FCC regulation.  Google and Facebook are not.  For free market advocates, imposing one set of rules on ISPs that don’t apply across the market is an example of the government “picking winners and losers.”

Privacy advocates would argue that ISPs have access to the entire scope of a consumer’s Internet usage, whereas Google and Facebook are only one part of a consumer’s usage.   They also contend that in some areas, residents really have no choice about the ISP.  That results in a trade- off between internet access and personal privacy.  And while that trade-off is inevitable to a degree, eliminating the rules exacerbates the situation.

The RedState position is that the trade-off is not so onerous that ISPs should be denied online advertising revenue that Google and Facebook are raking in.

Still not sure where you stand on this one?  I don’t blame you.  I thought this piece was pretty even handed.

But the bigger issue may ultimately be a regulatory vacuum.  Generally, the Federal Trade Commission has taken the lead on privacy regulation.  The FTC Act provides pretty broad authority to that agency to combat “unfair” and “deceptive” practices.  It’s pretty easy to fit inadequate privacy practices into either or both of those categories. But if ISPs are common carriers they may not be subject to FTC regulation – only the FCC would have jurisdiction.  And if the FCC rules are eliminated, then the field may be unlevel once more – but this time tilted in favor of the unregulated ISPs.

What this episode demonstrates more than anything else is the need for a coherent privacy approach across the board.  Any sports fan can tell you that what is most needed from officials is consistency.