The House of Representatives passed a Congressional Review Act (CRA) repeal on Tuesday of the toughest online privacy standards ever enacted by a federal agency. The CRA repeal reverses the Federal Communications Commission’s ban on the default collection of browsing history, app usage, and other user data by internet service providers like Comcast and AT&T.
Republicans passed the Congressional Review Act (CRA) resolution along a 215-205 largely party-line vote, repealing the rules put in place by the FCC in October as an outgrowth of net neutrality, and permanently barring the agency from enacting similar rules in the future.
The CRA repeal of the broadband privacy rules marks the 15th use of the law by Republicans since President Donald Trump took office, primarily to wind back Obama-era regulations. Trump has signed seven into law so far, and Republicans in the Senate already passed their own CRA repeal of the privacy rules in a 50-48 party-line vote last week. All that awaits full repeal is the president’s signature.
Republicans have made use of the CRAs their top example of accomplishment since Trump took office, and especially after the failure of the party’s Obamacare repeal and replace plan. On Monday, House Majority Leader Kevin McCarthy issued a tally of CRAs passed by the House, saying Americans “want to live their lives without having to constantly look to Washington for approval.”
“President Trump’s signature on these resolutions brings our neighbors across the country relief from the heavy hand of government,” McCarthy said.
FCC privacy rules raised the government-wide privacy standard enacted by the Federal Trade Commission by compelling internet service providers (ISPs) to get permission from subscribers before collecting personal data including browsing history, app usage, and location data. Those categories were fair game under FTC rules, which only require prior consent for sensitive collection like heath and financial data.
The FCC will now police the privacy compliance of ISPs on a case-by-case basis based on Section 222 of the Communications Act — lighter restrictions on what telephone providers can do with customer proprietary network information. The ultimate goal of Republicans in Congress, the FCC, and the FTC is to return privacy regulation of ISPs to the FTC. The agency oversaw ISPs before the FCC’s net neutrality rules brought ISPs under FCC jurisdiction in 2015.
Supporters of the repeal say it will bring market parity back to the online ecosystem, applying the same rules to ISPs and edge providers like Google and Facebook, already the dominant force in the online targeted advertising space. Had the rules remained in place, they argue, edge providers would have been given a default advantage, since they’re subject to the less restrictive FTC rules.
“Last year, the Federal Communications Commission pushed through, on a party-line vote, privacy regulations designed to benefit one group of favored companies over another group of disfavored companies,” Republican FCC Chairman Ajit Pai said after the vote. “Appropriately, Congress has passed a resolution to reject this approach of picking winners and losers before it takes effect.”
Pai voted against the rules as a commissioner last year and stayed the rules before they took effect after becoming chairman.
“Moving forward, I want the American people to know that the FCC will work with the FTC to ensure that consumers’ online privacy is protected through a consistent and comprehensive framework,” he continued. “In my view, the best way to achieve that result would be to return jurisdiction over broadband providers’ privacy practices to the FTC, with its decades of experience and expertise in this area.”
Opponents, a group made up of mostly Democrats and net neutrality supporters, say the repeal gives online users less control over their privacy and what their ISPs know about them.
“With this measure, Republicans turn their backs on the 75 percent of Americans who want more control over their internet privacy,” House Minority Leader Nancy Pelosi said before the vote. “Most Americans have no or limited choices for broadband providers and no recourse against these invasions of their privacy.”
The repeal of the FCC rules takes with it new requirements for ISPs to notify subscribers and authorities faster in the event of cyberattacks or intrusions, making sensitive user data less safe, critics further argue.
“Americans learned last week that agents of Russian intelligence hacked into e-mail accounts to obtain secrets on American companies, government officials and more,” Pelosi wrote to ISPs Tuesday. “This resolution would not only end the requirement you take reasonable measures to protect consumers’ sensitive information, but prevents the FCC from enacting a similar requirement and leaves no other agency capable of protecting consumers.”
The White House announced its support for the CRA repeal prior to Tuesday’s vote.