Ajit Pai is chairman of the Federal Communications Commission. Maureen Ohlhausen is acting chairman of the Federal Trade Commission.
April Fools’ Day came early last week, as professional lobbyists lit a wildfire of misinformation about Congress’s action — signed into law Monday by President Trump — to nullify the Federal Communications Commission’s broadband privacy rules. So as the nation’s chief communications regulator and the nation’s chief privacy enforcer, we want to let the American people know what’s really going on and how we will ensure that consumers’ online privacy is protected.
Let’s set the record straight: First, despite hyperventilating headlines, Internet service providers have never planned to sell your individual browsing history to third parties. That’s simply not how online advertising works. And doing so would violate ISPs’ privacy promises. Second, Congress’s decision last week didn’t remove existing privacy protections; it simply cleared the way for us to work together to reinstate a rational and effective system for protecting consumer privacy.
Both of us warned two years ago that the FCC’s party-line vote to strip the Federal Trade Commission of its jurisdiction over Internet broadband providers was a mistake that would weaken Americans’ online privacy. Up until that decision, the FTC was an effective cop on the privacy beat, using a consistent framework for protecting privacy and data security throughout the entire Internet ecosystem. Indeed, under that framework, the FTC carried out more than 150 enforcement actions, including actions against some of the nation’s largest Internet companies.
But in 2015, the FCC decided to treat the Internet like a public utility, taking away the FTC’s ability to police the privacy practices of broadband providers. This shifted responsibility from the agency with the most expertise handling online privacy (the FTC) to an agency with no real experience in the field (the FCC). As we feared, this 2015 decision has not turned out well for the American people.
During the Obama administration, the FTC concluded that “any privacy framework should be technology neutral” because “ISPs are just one type of large platform provider” and “operating systems and browsers may be in a position to track all, or virtually all, of a consumer’s online activity to create highly detailed profiles.” But the FCC didn’t follow this guidance. Instead, it adopted rules that would have created a fractured privacy framework under which ISPs would have been subject to one standard and content providers would have been subject to another. The Obama FTC, in a unanimous bipartisan comment, criticized this approach as “not optimal.” In Washington-speak, that’s a major rebuke.
The FCC’s regulations weren’t about protecting consumers’ privacy. They were about government picking winners and losers in the marketplace. If two online companies have access to the same data about your Internet usage, why should the federal government give one company greater leeway to use it than the other?
Some argue that Internet service providers should be treated differently because they have access to more of your personal information than companies such as Google and Facebook. But that’s not true. As Peter Swire, President Bill Clinton’s chief counselor for privacy and President Barack Obama’s special assistant for economic policy, explained in a paper he co-wrote for Georgia Tech’s Institute for Information Security and Privacy, “ISPs have neither comprehensive nor unique access to information about users’ online activity. Rather, the most commercially valuable information about online users . . . is coming from other contexts,” such as social-media interactions and search terms.