The House and Senate voted yesterday to overturn FCC Internet privacy regulations, which had been enacted in the final days of the Obama administration. The bill’s fate is now in the hands of Donald Trump. With the sweep of a pen, President Trump can repeal FCC regulations, which would prevent Internet Service Providers (ISPs) from tracking and selling an Internet user’s online behavior, without first obtaining their express consent.
The bill, which passed the Senate on Thursday, March 23rd, by a vote of 50 - 48, and the House of Representatives on Tuesday, March 28th, by a vote of 215 - 205, effectively guts the FCC’s efforts to establish an individual’s inherent right to privacy while browsing the Internet. Unless the bill is vetoed by the President, data collected by ISPs, during an individual’s use of the broadband online service, including one’s browsing history, acquisition history, IP address, and duration of time spent on third party sites, can lawfully be sold to the highest bidder without user consent, such as digital advertising and marketing firms.
The implications of this bill becoming law extend beyond the mere inconvenience of digital consumers having to endure a few more targeted, pop-up ads. The sale of Internet user history, means that such information is freely available in the market, making such data even more vulnerable to misuse and/or acquisition by a nefarious party. The data, behavior profiles and browsing preferences of people, using their everyday household computers to access the Internet from the faux-privacy of their homes, can now be targeted, bought and sold.
As a practical matter, the passing of the bill means that Internet users should continue to be wary of their online activity, and perhaps should look to employ their own additional, online security measures. One way to protect yourself and your online privacy is by using a virtual private network (VPN) to access the Internet. Routing online traffic through a VPN broadcasts only a single IP address, the VPN’s, to the provider, effectively blinding the ISP’s ability to track your web browsing. However, VPN use can have some drawbacks. Some companies block traffic to their website that comes from VPNs. Netflix, for example, blocks VPN traffic for the purpose of restricting streaming access in foreign countries, due to copyright laws and content licensing restrictions.
In addition to de-privatizing your online activity, repealing Obama-era privacy regulations on ISPs runs this risk of giving further fuel to the courts of the European Council to challenge the recently enacted EU/US Privacy Shield. The Privacy Shield provides a legal framework, whereby registered corporations, who collect personal data from EU citizens, can transfer such data freely to the United States. As the privacy laws of the US are not currently considered “adequate” under EU law, any transfer of EU personal data (which - as of May 2018 - will include cookies, browsing history and IP addresses) to the US, occurring outside the Privacy Shield’s framework, is unlawful and subject to sanctions.
The striking down of the Privacy Shield would be a huge blow to transatlantic corporations and business. European courts previously struck down the Privacy Shield’s predecessor, the EU/US Safe Harbor, on the grounds that it did not provide enough protections to EU individuals’ privacy. By allowing ISPs to sell online user data without the user’s consent, there could be a scenario where personal data of an EU individual may be inadvertently exposed by a Privacy Shield-certified company’s online activity. Such exposure, occurring without the Privacy Shield-certified company’s knowledge or approval, potentially subverts the very assurances Privacy Shield certification is supposed to give notice of and provide.
Still others say that the FCC’s regulations in question create a bifurcated system of privacy enforcement in the U.S. between the FTC and the FCC. These advocates of the bill claim that, by virtue of the FCC passing the regulations last year, calling for more stringent privacy controls on ISPs than what the FTC rules had called for, the U.S. Government was effectively admitting the FTC regulations, upon which the Privacy Shield framework is structured, were insufficient. Such proponents of the bill say that the Obama-era FCC regulations actually serve to discredit the foundation on which the Privacy Shield framework is based, threatening its very existence. The European Union’s Data Protection Supervisor expressed his concerns on this matter last year stating, “In light of recent developments on U.S. enforcement, we also recommend clarification of the respective roles of the FCC and the FTC over broadband Internet Service Providers.” In any event, the Privacy Shield’s legitimacy is certain to be up for more discussion and scrutiny as a result of this Congressional vote.
Our office remains committed to protecting your privacy, providing you with the most up-to-date changes in the law. We will continue to watch this situation as it develops. If you run a business in California, call our office today to ensure you are in proper compliance with all applicable State and federal regulations.
Read More Here:
About the Author: Michael W. Schroeder is a Certified Information Privacy Professional (CIPP-US), certified by the International Association of Privacy Professionals (IAPP), and a licensed attorney in good standing in the State of California.