Do New FCC Online Privacy Rules Achieve Balance Between Justice and Efficiency?

[IS] Opinions

Technology

Do New FCC Online Privacy Rules Achieve Balance Between Justice and Efficiency?

Posted to Technology November 01, 2016 by Frederik T. de Ridder

Effective regulatory approaches in the digital economy are rightly a topical concern globally. While European Union and U.S. approaches to online privacy regulation differ in form, real effects on innovation trends will become observable only in the longer term.

Right now, regulators seeking to extend privacy norms to digital services need to face trade-offs between justice and efficiency as a matter of course. The principal regulatory challenge is seated in the difficulty of achieving the right balance so as to engender innovation while simultaneously asserting user property rights and privacy. The question is whether the Federal Communications Commission’s new online privacy rules will achieve that balance.

In a digital age, conventional regulatory frameworks overly reliant on geography are fast becoming irrelevant. Regulators are in uncharted territory. Hence, great care should be taken to ensure actions are not simply aimed at avoiding the obsolescence of regulators, but rather at creating an environment optimal for sustained innovation.

This includes avoiding a bias toward established firms, potentially discouraging start-up innovation. Actions should increase the interest in continually seeking out better technologies and services. Rules should be accessible, evolving as innovators seek out new boundaries. In this regard, regulatory certainty does associate positively with greater innovation.

Regulatory asymmetry does negatively affect efficiency, as the burden of compliance falls unequally across different firms and industries. One adverse result is impaired competition, which may reduce innovation. The FCC’s rules affect a fraction of a vast, interconnected ecosystem. Rules will apply only to a set of services when provided by broadband providers, but the same services are not obligated to comply if they are offered by Internet companies.

In contrast, the merit of the E.U. approach is that the same standard applies across the board, eliminating asymmetry and providing users with the assurance that the same protections apply.

Ultimately, the test for respective E.U. or U.S. approaches will be whether trade-offs between justice/efficiency are appropriately managed through time.

Government intervention aimed at addressing competing interests of firms and users should avoid transferring unnecessary costs to private firms, negatively affecting future investment in innovation. That said, incentives for firms to gather as much information as possible are significant, and social costs (property rights ambiguity or data-theft) are not typically internalized by firms. Hence, benefits arising from data collection are largely privatized while risks are largely socialized — this is a market failure rules should address.

The E.U. recently adopted the General Data Protection Regulation (GDPR), applicable across all member states, “to enhance data protection rights of individuals and … improve business opportunities by facilitating the free flow of personal data in the digital single market.”

A principal weakness of the E.U. approach may prove to be its centralization of adjudication powers with the commission, instead of a more balanced distribution across sectoral regulatory authorities — the E.U. appears to have prioritized justice over efficiency.

In contrast, the United States now has two divergent approaches: a light-touch, ex post approach by the Federal Trade Commission focusing on the sensitivity of information (for internet companies) and a heavy ex ante approach by the FCC for all broadband providers, regardless of information-type.

Whether or not it was not incumbent on the the FCC to develop new rules is debatable. Evidence that the FTC was failing in its job to police both internet companies and broadband providers appears lacking. The FCC could have adopted privacy rules and harmonized them with the FTC, seeking to strike a balance between the inalienable right to privacy and the inevitable collection of information by service providers. However the FCC has chosen to adopt its own set of the rules independent of the FTC, potentially placing the United States on a back-foot relative to the E.U.

Transparent and simple regulations that balance the necessary freedom required by firms to innovate with the right of individuals to assert control over their information are likely to have the most sustaining positive effect on longer term innovation trends. At this point the best outcome would be for Congress to enact comprehensive privacy reform (similar to E.U.’s GDPR).

This scenario does provide more time for negotiation with the public and private firms to ensure balance between justice and efficiency trade-offs, eliminate regulatory asymmetry, and ensure consistent protection for consumers across the board. Congress could pursue a supporting legislative agenda (with the benefit of ex post observation of market responses) for digital services extending the right to privacy as enshrined in the Fourth Amendment.