https://www.wsj.com/articles/settling-a-bureaucratic-turf-war-in-online-privacy-rules-1488413165
For two decades, the Federal Trade Commission has been
America's sole online privacy regulator. Under the FTC's
watch, our internet and data economy has been the envy of the
world. The agency's evidence-based approach calibrates
privacy and data-security requirements to the sensitivity of
information collected, used or shared online, and applies
protections in a consistent and evenhanded way across
business sectors. Consumer behavior demonstrates the success
of the FTC's regulatory approach: Each day people spend more
time engaging in online activities.
But in 2015, in a bid to expand its own power, the Federal
Communications Commission short-circuited the effectiveness
of the FTC's approach by reclassifying internet service
providers as common carriers, subject to Title II of the
Communications Act.
In taking that unprecedented action, the FCC unilaterally
stripped the FTC of its traditional jurisdiction over ISPs.
The FTC can no longer police the privacy practices of
providers, leaving us with a two-track system under which the
FCC applies its own set of rules for ISPs while the FTC
monitors the rest of the internet ecosystem.
Even after the 2015 power grab, the FCC could have simply
adopted as its own the FTC's successful sensitivity-based
model of privacy regulation. Instead--after last year's
election--the FCC finalized privacy regulations that deviate
extensively from the FTC framework in several key respects.
The FCC rules subject all web browsing and app usage data
to the same restrictive requirements as sensitive personal
information. That means that information generated from
looking up the latest Cardinals score or checking the weather
in Scottsdale is treated the same as personal health and
financial data.
The new rules also restrict an ISP's ability to inform
customers about innovative and cost-saving product offerings.
So much for consumer choice.
The FCC's overreach is a dangerous deviation from
successful regulation and common-sense industry practices.
But don't just take my word for it. The FTC concluded that
the FCC's decision to treat ISPs differently from the rest of
the internet ecosystem was ``not optimal--agency-speak for
``a really bad idea.''
Outside of the FTC's well-founded concerns, the new rules
are also a departure from bipartisan agreement on the need
for consistent online privacy rules. President Obama noted in
2012 that ``companies should present choices about data
sharing, collection, use, and disclosure that are appropriate
for the scale, scope, and sensitivity of personal data in
question at the time of collection.'' In other words, privacy
rules should be based on the data itself.
But that's not how the FCC sees it. The commission's rules
suffocate industry and harm consumers by creating two
completely different sets of requirements for different parts
of the internet.
To protect consumers from these harmful new regulations, I
will soon introduce a resolution under the Congressional
Review Act to repeal the FCC's flawed privacy rules. While
the resolution would eliminate those rules, it would not
change the current statutory classification of broadband
service or bring ISPs back under FTC jurisdiction. Instead,
the resolution would scrap the FCC's newly imposed privacy
rules in the hope that it would follow the FTC's successful
sensitivity-based framework.
This CRA resolution does nothing to change the privacy
protections consumers currently enjoy. I hope Congress and
the FCC will continue working together to address issues of
concern down the road. However, it is imperative for rule-
making entities to stay in their jurisdictional lanes. We
need to reject these harmful midnight privacy regulations
that serve only to empower bureaucrats and hurt consumers.