LAST OCTOBER THE agency passed a set of rules that would have required internet providers to take steps to protect your private data from hackers, notify you if someone hacked your data, and require your explicit permission before selling your data. Today the FCC suspended the data security rules from that package before they took effect1.
“The Federal Communications Commission and the Federal Trade Commission are committed to protecting the online privacy of American consumers,” FCC chairman Ajit Pai and Federal Trade Commission chairman Maureen K. Ohlhausen said in a joint statement today. “We believe that the best way to do that is through a comprehensive and consistent framework.”
The move may head off a congressional review of the rules that could have hobbled the FCC’s ability to make new privacy regulations in the future. The agency will now likely pass a set of less stringent rules more in line with the way the FTC regulates websites like Facebook and Google. If the FTC does at some point require websites to seek explicit permission before selling your data, the FCC may then follow suit for internet providers. Neither agency responded to a request for comment, but Pai has said in the past that he believed having divergent rules for websites and ISPs would lead to confusion among consumers. We’re not sure you’re going to find the new status quo exactly crystal clear.
Protecting internet privacy has traditionally fallen to the FTC. But in 2015, the FCC reclassified internet providers as utility-like “common carriers,” a change that enabled the agency to enforce net neutrality rules banning internet providers from discriminating against or favoring particular websites or apps. Last year as result of a lawsuit filed by AT&T, a federal court decided that because internet providers now qualify as common carriers, the FTC no longer has authority over them. Responsibility for regulating how internet access providers manage privacy instead fell to the FCC, while the way websites like Facebook and Google manage privacy remained the FTC’s responsibility.
Shortly after the court’s decision, the FCC set about creating a set of stricter privacy rules. The biggest and most controversial difference between the FCC’s newer rules and the FTC’s rules was the ban on selling customer data without explicit permission.
Your internet provider has a view of of your most intimate online activities. Although Google uses encryption to prevent prying eyes from seeing your online searches, your internet provider can see what websites you visit, when you visit them, and how much time you spend there.
In 2012, Verizon began tracking its wireless customers’ activities across the internet. It then used that data to target ads on the various sites it owns, such as the Huffington Post. Eventually the company gave customers the option to opt out of that tracking, and later it limited tracking your behavior on Verizon-owned sites only. The FCC’s newer rules will ban Verizon or any other provider from similar data collecting without getting customers’ permission, unless the Congress or the FCC overturn them before they go into effect, which could happen as early as December. Pre-existing FCC rules already ban providers from tracking customers without at least notifying them, but unless the new, more stringent rules take effect, telcos will have much more freedom to sell your data.
Pai has opposed the rules all along, saying that they favored companies like Google and Facebook over internet providers like Comcast and Verizon. But privacy advocates argue that suspending the rules without replacing them actually favor the country’s Comcasts and Verizons, since they won’t face the same data security rules the FTC requires of websites.
Regulations letting both internet access providers and websites sell your data may be consistent. But that doesn’t mean they make sense.
1Correction at 10:37am ET on 3/2/2017: An earlier version of this story said that the FCC had suspended the entire online privacy order, including the rules that prevent providers from selling personal information without permission. The FCC’s stay only covers the data security section of the order. The headline and text of the article have been updated to reflect this.
source: wired.com by