On March 31, the Federal Communications Commission (FCC), voting 3-2 along party lines, adopted a Notice of Proposed Rulemaking (NPRM) to establish a set of regulatory data security and privacy rules for broadband Internet access service providers (ISPs). If approved, these proposed rules would regulate how ISPs use and share consumer data. The FCC has commenced a comment period—comments are due May 27, 2016, and reply comments are due June 27, 2016.
In its 2015 Open Internet Order (Order), the FCC reclassified ISPs as “common carriers,” which are subject to certain privacy protections of Title II of the Communications Act of 1934 (Act). Although section 222 of the Act (Section 222) was included, the FCC conceded that its existing Consumer Proprietary Network Information (CPNI) rules were specific to voice services and would not apply to ISPs. The FCC noted then that this NPRM would be forthcoming. (See our LawFlash discussing the Order: FCC Adopts Open Internet (Net Neutrality Rules).)
Beyond imposing new rules on ISPs, the FCC’s reclassification may have ultimately dispossessed the Federal Trade Commission (FTC), much to its opposition, of its jurisdiction over ISP privacy violations, because common carriers are an exception to the FTC’s consumer marketplace enforcement authority. In the NPRM, the FCC reasons that “the current federal privacy regime, including the important leadership of the [FTC] . . . does not now comprehensively apply the principles of privacy protection to these 21st century telecommunications services provided by broadband networks. That is a gap that must be closed...”