Last week, a group of House Republicans sent a letter to Federal Communications Commission (“FCC” or “Commission”) Chairman Ajit Pai asking the Commission to continue enforcing privacy promises made by internet service providers (“ISP”). In the wake of Congressional Republicans’ move to strike down privacy rules put in place for ISPs by the FCC last year before the election, the letter creates uncertainty, at least in the short-term, about how ISPs should treat customer information.
The letter urges Pai to hold ISPs to the privacy policies and promises made in customer agreements. To accomplish this goal, the letter cites the FCC’s authority under Sections 201 and 202 of the Communications Act, which give the Commission the authority to punish carriers for any unjust or unreasonable practices. However, unlike the privacy rules adopted under Chairman Tom Wheeler last year, the vagueness of the unjust/unreasonable standard creates serious doubt as to what practices might run afoul of Section 201 or 202, a concern noted by Commissioner Michael O’Rielly in the past when the Commission has taken action under Section 201.
The letter also highlights the awkward position in which the FCC finds itself as Chairman Pai attempts to roll back Chairman Wheeler’s reclassification of ISPs under Title II of the Communications Act. Chairman Pai favors allowing the Federal Trade Commission (FTC) to protect ISP customers’ privacy, but the FTC cannot regulate ISPs as long as they are Title II common carriers. Therefore, the FCC is left to enforce privacy concerns among ISPs until the Commission reclassifies ISPs as Title I information services, which both the House Republicans’ letter and Chairman Pai favor in the long-term.
For now, ISPs should continue looking to the FCC for privacy oversight, but just what that means is not clear. Given Chairman Pai’s belief that the FTC should take the lead on privacy enforcement, the FTC’s online privacy best practices may provide a guide to ISPs on what the FCC would view as an unjust or unreasonable practice. ISPs should also ensure that they follow through on their privacy policies or any promises included in terms of service or a customer agreement.
If you have any questions about your company’s privacy policies and how those policies could be affected by the FCC or FTC, please contact Linda McReynolds at firstname.lastname@example.org.