The new Federal Communications Commission’s rules intended to limit how companies like AT&T, Comcast, Verizon, and Charter can use internet customers’ sensitive personal information are effectively dead in the water, thanks to a House of Representatives vote today to kill the regulations, making sure internet service providers can use and sell user data.
The final vote was 215 to repeal the privacy rules with 205 votes to keep them in place. Voting was mostly along party lines, though 15 Republicans broke rank to vote against the resolution. No Democrats voted in its favor.
The Senate has already approved this resolution, meaning it only awaits the signature of President Trump to undo the FCC regulations.
The rules, finalized in October by the FCC, effectively divide the data that your ISP has about you and your browsing habits into two categories.
The first category is sensitive data. ISPs would have been prevented from using the following information without your permission:
• Geographic location
• Children’s information
• Health information
• Financial information
• Social Security numbers
• Web browsing history
• App usage history
• The content of communications
The second category includes less-sensitive, but still personal data. ISPs would have been allowed to use this information, but would have been required to allow users the opportunity to opt out of having the following shared:
• Your name
• Your address
• Your IP address
• Your current subscription level
• Anything else not in the “opt in” bucket.
The rules were immediately opposed by ISPs and their lobbyists, who said the regulations were unfair because they did not place the same restriction on content companies Google and Netflix — while glossing over the fact that the FCC has no authority to regulate what Google and Netflix do with their user information.
Republican lawmakers are using the Congressional Review Act to roll back this regulation. The CRA allows lawmakers to issue resolutions of disapproval on new, major regulations. For a CRA resolution to be enacted, it must be passed by a majority in both the House and Senate, then signed by the President.
Until the Trump administration, this law had only been used successfully once in its 20-year history. Congress has already passed more than ten CRA resolutions on to the White House in just the last couple of months. President Trump is expected to sign the resolution killing the internet privacy rule.
Despite the overwhelming GOP vote in favor of this resolution, Rep. Michael Burgess (TX) was one of the few Republicans on hand during the early afternoon session to argue for rolling back the FCC privacy rules.
Burgess referred to these regulations as “duplicative” and twice read directly from the website of the Federal Trade Commission, noting that the FTC has long been the consumer privacy enforcer for the federal government — while failing to recognize that the recent reclassification of broadband as a “common carrier” piece of vital telecommunications puts it fully under the FCC’s regulatory umbrella, meaning the FTC can’t enforce privacy regulations on broadband providers.
In fact, the FTC Act has an explicit exception for common carriers, meaning it has no legal authority to regulate broadband providers. We know this because AT&T successfully used this exception to wriggle out of an FTC lawsuit in 2016.
On the Democratic side of the early afternoon’s debate, no one was more vehemently against the CRA resolution than Rep. Michael Capuano of Massachusetts.
“What the heck are you thinking?” Capuano hollered to a mostly empty GOP side of the hall. “Give me one good reason why Comcast should know what my mother’s medical problems are?… Just last week I bought underwear on the internet. Why should you know what size I take? Or the color, Or any of that information?”
Capuano challenged Burgess to go out and find three people on the street who actually agreed with the assertion that Comcast, Verizon, et al, actually need this data.
He said that Rep. Burgess was right to be concerned about the un-level playing field between the ISP privacy rules and those governing Google and Netflix, but countered that “You don’t level the playing field by lowering it.”
Rep. Jared Polis (CO) pointed out that using the CRA to roll back the privacy rules was a nuclear option that could prevent the FCC from ever crafting meaningful privacy regulations. If the FTC decides to bolster consumer privacy protections for online content companies, the FCC might not be able to follow suit, as the CRA prevents regulatory agencies from drafting new rules that are overly similar to CRA-repealed regulations.
“I don’t anyone to take my information and make money off of it just because they can get their mitts on it,” added Rep. Anna Eshoo (CA). “Who do you go to complain to? No one, because there is nothing left to enforce.”
Rep. Marsha Blackburn (TN) — who has previously tried to kill the FCC’s net neutrality rules, and who just happened to have received nearly $80,000 from AT&T, Comcast, Verizon, and telecom lobbyists — argued that the FCC can still handle privacy issues on a “case by case” basis, and that the free market will prevent ISPs from going too far in exploiting customer data.
Rep. Bob Latta (OH), a supporter of the repeal resolution (and a recipient of more than $60,000 in campaign contributions from companies affected by the rules), recommended legislation that would clarify that the FTC has authority to regulate ISPs’ privacy matters. In response, Rep. Mike Doyle (PA) suggested that maybe the GOP should have gone that route rather than using the CRA to prevent the FCC from ever issuing meaningful privacy guidelines.
Regarding the argument that the FTC is doing a good job of regulating consumer privacy issues, Capuano pointed to the CloudPets doll and other toys that allegedly collected user data, or Vizio TVs that watched viewers back. Why would consumers want to put ISPs under such lax privacy controls, asked the Congressman.