Editor’s note: This commentary is by Daniel Lyons, who is a visiting scholar with the American Enterprise Institute’s Center for Internet, Communications, and Technology Policy, and an associate professor at Boston College Law School, where he specializes in telecommunications and internet regulation, as well as administrative law.
[O]n April 3, President Trump signed a joint congressional resolution — passed in late March via the Congressional Review Act — repealing Federal Communications Commission’s (FCC) privacy rules, prompting an unusual amount of misleading sturm-und-drang. Understanding what’s really at stake requires a deeper exploration of this issue to dispel myths and recognize realities.
There is a common misconception that Congress stripped Americans of their privacy rights. In reality, they did not. The joint resolution repealed an FCC order that was not scheduled to take effect until later this year. By repealing these rules, Congress preserved the status quo and consumers should see no difference because the law today is the same as it has been since at least 2015.
It is also important to note that ultimately, consumers control their data, a fact that mitigates fears of companies collecting information and selling it without consumers’ knowledge. Federal Trade Commission (FTC) guidelines require notification regarding data collection and usage, and also give consumers the power to “opt out.” These rules governed the internet ecosystem until 2015 when the FCC reclassified broadband providers as common carriers and stripped the FTC of its jurisdiction. The FCC tried to impose an opt-in rule, rather than the FTC’s opt-out rules. However, the difference between the FCC and FTC approaches is not a choice between privacy and no privacy, but a difference in method.
Broadband providers can’t really “see” all traffic — they can only gather information on activities at home, while Google can capture data anywhere a person is logged into a Google account or using a Google operating system.
Â
Other headlines have suggested that Congress has prevented the FCC from passing new privacy rules in the future, when the truth is that the FCC may pass any rules that are not “substantially the same,” likely including rules that mimic the FTC approach. Privacy advocates say this prohibits the FCC from passing any privacy rules, which is highly unlikely. A new FCC privacy rule adopting the FTC’s opt-out legal framework would impose different obligations, and is therefore unlikely to be considered “substantially the same.”
Additionally, it is a common misunderstanding that ISPs know more about you than leading-edge providers like Google. Broadband providers can’t really “see” all traffic — they can only gather information on activities at home, while Google can capture data anywhere a person is logged into a Google account or using a Google operating system. And Google and Facebook, which collect two of every three digital advertising dollars, can capture content, while ISPs can only see metadata and traffic flow.
In reality, consumers have many privacy options, including the aforementioned opt-out functions, as well as via the use of virtual private networks — all of which remain unchanged by Congress’ action.
Consumer information is the lifeblood of the internet. That our information is routinely collected by many companies is not necessarily problematic. Monetization of consumer data is what helps make Gmail, Facebook and YouTube free — and might someday bring broadband prices down. We cannot consider rules affecting the availability of that information without considering the consequences such rules will have on the broader internet experience.
It took guts to vote for the congressional resolution in question, especially considering the scope and intensity of the blowback involved and I applaud those who ignored the rhetoric and did the right thing.