Telecommunications and Internet Service Providers

Today, the FCC voted to pass the Restoring Internet Freedom order, which repeals the 2015 “net neutrality” rules and reverts back to the “light regulatory” touch the FCC previously had in place regarding internet service providers (“ISPs”).  Of primary importance, the FCC restored the classification of Broadband Internet Access Services as “information services” under Title I of the Communications Act rather than as telecommunications services under Title II.  For purposes of data privacy and security, this reclassification (more specifically, the reversal of the 2015 reclassification) restores the jurisdiction of the Federal Trade Commission to act when broadband providers engage in anticompetitive, unfair, or deceptive acts or practices related to the security and privacy of online consumers.  While the FTC had such jurisdiction prior to the 2015 net neutrality order, they are prohibited from regulating common carriers, and so today’s order restores that jurisdiction.  Although the final order has not yet been published, today’s press releases outlines that today’s declaratory ruling, report and order, and order, will do the following:

Declaratory Ruling:

  • Restores the classification of Broadband Internet Access Service as an “information service” under Title I of the Communications Act – the classification affirmed by the Supreme Court in the 2005 Brand X case.
  • Reinstates the classification of mobile broadband internet access service as a private mobile service.
  • Finds that the regulatory uncertainty created by utility-style Title II regulations has reduced Internet service provider (ISP) investments in networks, as well as hampered innovation, particularly among small ISPs serving rural consumers.
  • Finds that public policy, in addition to legal analysis, supports the information service classification, because it is more likely to encourage broadband investment and innovation, thereby furthering the goal of closing the digital divide and benefitting the entire Internet ecosystem.
  • Restores broadband consumer protection authority to the Federal Trade Commission (FTC), enabling it to apply its extensive expertise to provide uniform online protections against unfair, deceptive, and anticompetitive practices.

Report and Order

  • Requires that ISPs disclose information about their practices to consumers, entrepreneurs, and the Commission, including any blocking throttling, paid prioritization, or affiliate prioritization.
  • Finds that transparency, combined with market forces as well as antitrust and consumer protection laws, achieve benefits comparable to those of the 2015 “bright line” rules at lower costs.
  • Eliminates the vague and expansive Internet Conduct Standards, under which the FCC could micromanage innovative business models.

Order

  • Finds that the public interest is not served by adding to the already-voluminous record in this proceeding additional materials, including confidential materials submitted in other proceedings.

The order was approved by Chairman Pai, and Commissioners O’Rielly and Carr, with dissents from Commissioners Clyburn and Rosenworcel.  Chairman Pai and Commissioners Clyburn, O’Rielly, Carr and Rosenworcel each issued separate statements.

A link to the press release is available here.

The draft order, issued in November, is available here.

Yesterday, the Federal Trade Commission (FTC) and Federal Communications Commission (FCC) announced their intent to coordinate which of the two agencies would coordinate online consumer protection efforts following the adoption of the Restore Internet Freedom Order, and published a draft Memorandum of Understanding (MOU) that outlines those efforts.

The draft MOU outlines a number of ways in which the FCC and FTC will coordinate and collaborate, including:

  • The FCC will review informal complaints concerning the compliance of Internet service providers (ISPs) with the disclosure obligations set forth in the new transparency rule. Those obligations include publicly providing information concerning an ISP’s practices with respect to blocking, throttling, paid prioritization, and congestion management. Should an ISP fail to make the required disclosures—either in whole or in part—the FCC will take enforcement action.
  • The FTC will investigate and take enforcement action as appropriate against ISPs concerning the accuracy of those disclosures, as well as other deceptive or unfair acts or practices involving their broadband services.
  • The FCC and the FTC will broadly share legal and technical expertise, including the secure sharing of informal complaints regarding the subject matter of the Restoring Internet Freedom Order. The two agencies also will collaborate on consumer and industry outreach and education.

 

The FCC is expected to vote on the order at its December 14 meeting. This order would reverse the 2015 “net neutrality” order reclassifying broadband Internet access service as a Title II common carrier service.  According to the FTC’s press release, one of the impacts of this reclassification was to “strip the FTC of its authority to protect consumers and promote competition with respect to Internet service providers because the FTC does not have jurisdiction over common carrier activities.”  By reversing the order, the FCC would return jurisdiction to the FTC to policy the conduct of ISPs with respect to their disclosures and privacy practices.  Once adopted, the order would require broadband Internet access service providers to disclose their network management practices, performance, and commercial terms of services.  The FTC could then police their implementation of those practices under the “unfair and deceptive practices” requirement under Section 5 of the FTC Act.

In response to the MOU, FCC Chairman Ajit Pai stated that the MOU “will be a critical benefit for online consumers because it outlines the robust process by which the FCC and FTC will safeguard the public interest. …  This approach protected a free and open Internet for many years prior to the FCC’s 2015 Title II Order and it will once again following the adoption of the Restoring Internet Freedom Order.”  Acting FTC Chairman, Maureen K. Ohlhausen, stated that “[t]he FTC is committed to ensuring that Internet service providers live up to the promises they make to consumers .. [and that] [t]he MOU we are developing with the FCC, in addition to the decades of FTC law enforcement experience in this area, will help us carry out this important work.”

FCC Commissioner Mignon Clyburn, who opposes the proposed order, released the following statement:  “The agreement announced today between the FCC and FTC is a confusing, lackluster,  reactionary afterthought: an attempt to paper over weaknesses in the Chairman’s draft proposal repealing the FCC’s 2015 net neutrality rules.  Two years ago, the FCC signed a much broader pro-consumer agreement with the FTC that already covers this issue. There is no reason to do this again other than as a smoke and mirrors PR stunt, distracting from the FCC’s planned destruction of net neutrality protections later this week.”

To view the MOU, click here.

On April 4, 2017, President Trump signed legislation repealing the Federal Communications Commission’s (FCC) privacy protections adopted in October 2016. The regulations, set to go into effect later this year, would have required internet service providers (ISPs) to adopt stricter consumer privacy protections than websites like Google and Facebook. Among other things, the regulations would have required ISPs to obtain consent before sharing sensitive customer proprietary information, take reasonable measures to secure customer proprietary information, provide notification to customers, the FCC and law enforcement in the event of data breaches, and not condition provision of service on the surrender of privacy rights.

The regulations were opposed by many ISPs who felt that they would be at a disadvantage to companies like Amazon, Google and Facebook, who are regulated by the Federal Trade Commission (FTC). Because these companies offer internet services, and do not provide internet connection, they are subject to the less restrictive FTC regulations. While many ISPs have promised not to sell proprietary customer information, these promises are voluntary. President Trump’s repeal leaves the states as the only real possible enforcer of ISP privacy regulations.

Vintage toned Wall Street at sunset, NYC.

Today, acting FTC Chairman Maureen K. Ohlhausen and FCC Chairman Ajit Pai issued a joint statement on the FCC’s issuance of a temporary stay of a data security regulation for broadband providers scheduled to take effect on March 2.  In their statement, they advocate for a “comprehensive and consistent framework”, so that Americans do not have to “figure out if their information is protected differently depending on which part of the Internet holds it.”

The Chairmen stated that for this reason, they disagreed with the FCC’s 2015 unilateral decision to strip the FTC of its authority over broadband provider’s privacy and data security practices, and believed that jurisdiction over broadband providers’ privacy and data security practices should be returned to the FTC, thus subjecting “all actors in the online space” to the same rules.

Until then, the joint statement provides, the two chairmen “will work together on harmonizing the FCC’s privacy rules for broadband provider with the FTC’s standards for other companies in the digital economy.”  The statement provides that the FCC order was inconsistent with the FTC’s privacy framework. The stay will remain in place only until the FCC is able to rule on a petition for reconsideration of its privacy rules.

In response to concerns that the temporary delay of a rule not yet in effect will leave consumers unprotected, the Chairmen agree that it is vital to fill the consumer protection gap, but that “how that gap is filled matters” – it does not serve consumer’s interests to create two separate and distinct frameworks – one for Internet service providers and another for all other online companies.

Going forward, the statement says, the FTC and the FCC will work together to establish a uniform and technology-neutral privacy framework for the online world.

To view the joint FTC and FCC statement, click here.

To view the FCC Order staying the regulation, click here.

Today, Vizio, Inc., agreed to pay $2.2 million to settle charges by the FTC and the New Jersey Attorney General that it installed software on its Smart TGVS to collect viewing data on 11 million consumer televisions without the consumers’ knowledge or consent. The $2.2 million payment includes a $1.5 million payment to the FTC, and a $1 million payment to the New Jersey Division of Consumer Affairs, although $300,000 will be suspended and vacated after 5 years upon compliance with the order.   In a concurring statement, Commission Ohlhausen supported the order, but questioned the FTC’s allegation that individualized television viewing activity falls within the definition of sensitive information.

The 2014 complaint alleged that Vizio and an affiliate company manufactures smart TVs that capture second-by-second information about video displayed on the Smart TV, including video from consumer cable, broadband, set-top box, DVD, over-the-air broadcasts, and streaming devices.  In addition, Vizio facilitated the integration of specific demographic information (e.g., sex, age, income, marital status, household size, educational level, home ownership, household value, etc.) to the viewing data.  Vizio then sold the information to third parties, who used it for various purposes, including targeted advertising to consumers across devices.

According to the complaint, Vizio touted its “Smart Interactivity” features that “enables program offers and suggestions”, but failed to inform consumers that the settings also enabled the collection of consumer’s viewing data. The complaint alleges that Vizio’s data tracking, – which occurred without viewer’s informed consent – was unfair and deceptive. The Complaint charges that the Defendants participated in deceptive and unfair acts in violation of Section 5 of the FTC act, and similar charges under the New Jersey Consumer Fraud Act, in connection with the unfair collection and sharing of consumers’ Viewing Data and deception concerning their “Smart Interactivity” features.

As part of the settlement, Vizio stipulated to a federal court order that:

  • Requires Vizio to prominently disclose and obtain affirmative express consent of its data collection and sharing practices;
  • prohibits misrepresentations about the privacy, security, or confidentiality of consumer information they collect;
  • requires Vizio to delete data collected before March 1, 2016; and
  • requires Vizio to implement (and review biennially) a comprehensive data privacy program.

In a concurring statement, Commissioner Ohlhausen supported Count II of the complaint, alleging that Vizio deceptively omitted information about its data collection and sharing program.  However, she expressed concern about the implications of Count I, which alleged that granular (household or individual) television viewing activity is sensitive information, and that sharing this viewing information without consent causes or is likely to cause  a “substantial injury” under Section 5 of the FTC Act.  Although Commissioner Ohlhausen acknowledged that there may be good policy reasons to consider such information, she states that the statute does not allow the FTC to find a practice unfair based primarily on public policy, and that this case demonstrates “the need for the FTC to examine more rigorously what constitutes ‘substantial injury” in the context of information about consumers. Ohlhausen indicated that she will launch an effort in the coming weeks to examine this issue further.

To view the stipulated order, click here.

To view Commissioner Ohlhausen’s concurring statement click here.

 

Fiber Optic cables and UTP Network cablesOn October 27, 2016, the FCC released rules to “empower consumers to decide how data are used and shared by broadband providers.”  In the order, the FCC defines information protected under Section 222 for telecommunications carriers as “customer proprietary information (customer PI)”, to include the following: (1) individually identifiable Customer Proprietary Network Information (CPNI), (2) personally identifiable information (PII) and (3) content of communications.  The FCC also adopts and explains its multi-part approach to determining whether data has been properly de-identified and is therefore not subject to the customer choice regime adopted by the FCC for customer PI. Much of the rules are modeled after FTC best practices and the White House Administration’s Consumer Privacy Bill of Rights. Continue Reading FCC Adopts Privacy Rules Protecting Broadband and other Telecommunications Customers