Democrats opposed to Republicans’ repeal of FCC privacy rules for internet providers last week are now questioning providers on whether their privacy policies will change to take greater advantage of collecting and monetizing subscriber data.
Democratic Sens. Ed Markey and Elizabeth Warren of Massachusetts, Bernie Sanders and Patrick Leahy of Vermont, and others want the biggest internet service providers (ISPs) in the U.S. to clearly explain how they plan to collect and use customer data, including browser history, following the repeal of the toughest federal privacy rules ever passed.
“ISPs can use this privileged position to collect and use sensitive information about subscribers, including precise geo-location, financial information, and web and app usage history,” lawmakers wrote to AT&T, Verizon, Comcast and others this week. “Yet, many consumers have limited choice for broadband service and cannot necessarily change ISPs if their privacy and security protections are not transparent or strong.”
“Given this limited choice,” they continued, “we urge your company to provide your subscribers with the same level of privacy and security protections as stipulated in the FCC’s broadband privacy order.”
Both chambers of the Republican-controlled Congress voted along party lines to repeal the rules via the Congressional Review Act (CRA) in the past two weeks. The CRA also bars the FCC from passing similar rules in the future. President Donald Trump signed the resolution Monday, striking from the books rules that would have compelled ISPs to get permission from subscribers before collecting data including browser history and app use.
Now Democrats want ISPs to specifically detail whether they: seek opt-in consent from customers before collecting sensitive data or offer customers the ability to opt-out of collection; force customers to share data or cancel service; offer “pay for privacy” deals; disclose what they collect and how it’s used; whether and how ISPs de-identify or anonymize data; what cybersecurity measures they use; how they notify customers of a breach and other details.
They also asked for details on any changes ISPs have made to their privacy policies since the repeal was passed.
“We strongly disagree with the CRA resolution, and believe that broadband providers should follow strong privacy and security rules that give consumers control over how their information is used and shared, as well as confidence their information will be protected,” Democrats wrote. “In light of this congressional action, we write to ask how your company plans to protect the privacy of the millions of Americans who rely on your services to connect to the internet.”
The information Democrats requested can usually be found in the privacy policies users agree to when signing up for a service, though privacy advocates say companies often bury that information in dense legalistic wording that most subscribers don’t bother to read.
Opponents and mainstream media have contributed to a widespread misinformation campaign about the rules, which never actually went into effect, with claims like this one included in a press release accompanying Democrats’ letter: “Without these broadband privacy rules in place, broadband providers can use, share, and sell Americans’ sensitive information about their health, finances, and families without permission.”
Providers themselves have attempted to correct the record — including the fact that collecting the aforementioned information is still illegal without prior permission. The Republican chiefs of both the FCC and Federal Trade Commission, who opposed the rules passed during the Obama administration, also weighed in on the misconceptions this week.
“April Fools’ Day came early last week, as professional lobbyists lit a wildfire of misinformation about Congress’s action — signed into law Monday by President Trump — to nullify the Federal Communications Commission’s broadband privacy rules,” FCC Chairman Ajit Pai and acting FTC Chairwoman Maureen Ohlhausen wrote in The Washington Post. “So as the nation’s chief communications regulator and the nation’s chief privacy enforcer, we want to let the American people know what’s really going on and how we will ensure that consumers’ online privacy is protected.”
Pai and Ohlhausen said they plan to work together to enforce the FTC’s privacy standard, which forbids the collection of sensitive data on children, health and financial information without user permission, until they can return privacy oversight to the FTC. The agency oversaw the privacy policies of ISPs alongside edge providers like Google and Facebook before the FCC’s net neutrality order in 2015.