Ajit Pai is chairman of the Federal Communications Commission. Maureen Ohlhausen is acting chairman of the Federal Trade Commission.
April Fools’ Day came early last week, as professional lobbyists lit a wildfire of misinformation about Congress’s action — signed into law Monday by President Trump — to nullify the Federal Communications Commission’s broadband privacy rules. So as the nation’s chief communications regulator and the nation’s chief privacy enforcer, we want to let the American people know what’s really going on and how we will ensure that consumers’ online privacy is protected.
Let’s set the record straight: First, despite hyperventilating headlines, Internet service providers have never planned to sell your individual browsing history to third parties. That’s simply not how online advertising works. And doing so would violate ISPs’ privacy promises. Second, Congress’s decision last week didn’t remove existing privacy protections; it simply cleared the way for us to work together to reinstate a rational and effective system for protecting consumer privacy.
Both of us warned two years ago that the FCC’s party-line vote to strip the Federal Trade Commission of its jurisdiction over Internet broadband providers was a mistake that would weaken Americans’ online privacy. Up until that decision, the FTC was an effective cop on the privacy beat, using a consistent framework for protecting privacy and data security throughout the entire Internet ecosystem. Indeed, under that framework, the FTC carried out more than 150 enforcement actions, including actions against some of the nation’s largest Internet companies.
But in 2015, the FCC decided to treat the Internet like a public utility, taking away the FTC’s ability to police the privacy practices of broadband providers. This shifted responsibility from the agency with the most expertise handling online privacy (the FTC) to an agency with no real experience in the field (the FCC). As we feared, this 2015 decision has not turned out well for the American people.
During the Obama administration, the FTC concluded that “any privacy framework should be technology neutral” because “ISPs are just one type of large platform provider” and “operating systems and browsers may be in a position to track all, or virtually all, of a consumer’s online activity to create highly detailed profiles.” But the FCC didn’t follow this guidance. Instead, it adopted rules that would have created a fractured privacy framework under which ISPs would have been subject to one standard and content providers would have been subject to another. The Obama FTC, in a unanimous bipartisan comment, criticized this approach as “not optimal.” In Washington-speak, that’s a major rebuke.
The FCC’s regulations weren’t about protecting consumers’ privacy. They were about government picking winners and losers in the marketplace. If two online companies have access to the same data about your Internet usage, why should the federal government give one company greater leeway to use it than the other?
Some argue that Internet service providers should be treated differently because they have access to more of your personal information than companies such as Google and Facebook. But that’s not true. As Peter Swire, President Bill Clinton’s chief counselor for privacy and President Barack Obama’s special assistant for economic policy, explained in a paper he co-wrote for Georgia Tech’s Institute for Information Security and Privacy, “ISPs have neither comprehensive nor unique access to information about users’ online activity. Rather, the most commercially valuable information about online users . . . is coming from other contexts,” such as social-media interactions and search terms.
Others argue that ISPs should be treated differently because consumers face a unique lack of choice and competition in the broadband marketplace. But that claim doesn’t hold up to scrutiny either. For example, according to one industry analysis, Google dominates desktop search with an estimated 81 percent market share (and 96 percent of the mobile search market), whereas Verizon, the largest mobile broadband provider, holds only an estimated 35 percent of its market.
As a result, it shouldn’t come as a surprise that Congress decided to disapprove the FCC’s unbalanced rules. Indeed, the FTC’s criticism of the FCC’s rules last year noted specifically that they “would not generally apply to other services that collect and use significant amounts of consumer data.”
Put simply, the Chicken Little-like reaction doesn’t make any sense, particularly when compared with the virtual silence when the FCC stripped away existing privacy protections in 2015. But we understand that more needs to be done to protect online privacy. The American people deserve a comprehensive framework that will protect their privacy throughout the Internet. And that’s why we’ll be working together to restore the FTC’s authority to police ISPs’ privacy practices. We need to put the nation’s most experienced and expert privacy cop back on the beat, and we need to end the uncertainty and confusion that was created in 2015 when the FCC intruded in this space.
In short, the Obama administration fractured our nation’s online privacy law, and it is our job to fix it. We pledge to the American people that we will do just that.