There are a few things that are constant in this world: death, taxes, and the fact that every new administration rethinks regulations.
That can be a big problem, especially when it comes to consumer privacy rights. The rules that govern how companies collect, use and share consumers’ data shouldn’t ebb and flow like the tides. They should be cemented in place to give companies and consumers desperately needed assurance that the landscape won’t keep changing.
For years, privacy advocates like me have pushed for protections on consumer data collected on and offline. We urged that the U.S. Federal Trade Commission (FTC) be given additional resources to focus specifically on the misuse of consumer data collected offline and merged with online data.
Unfortunately, the FTC’s wings were clipped when another federal agency, the Federal Communications Commission, expanded its previously narrow privacy authority. While that might sound like something privacy advocates would applaud, it’s a move that’s only muddied the waters and, arguably, reduced protections for consumers’ online privacy.
The U.S. Federal Communications Commission’s (FCC) self-approved expansion of authority actually displaced the FTC entirely. FTC staff had consistently policed online privacy with an impressive level of authority and competency.
That not only left consumers’ privacy in limbo, it pushed innovators and startups into a chaotic, unpredictable regulatory landscape for all online products and services that make use of consumer data.
The confusion that resulted from this was compounded by the election. Before the FCC could even hire privacy experts or prepare policy pronouncements, a new commission was ready to walk through the door. That’s why it is long past time for Congress to impose some order on the privacy landscape. One easy thing Congress can do is return the FTC to its place as the top privacy cop on the internet beat.
The FCC’s privacy regulations displaced the bipartisan FTC-led privacy framework that has protected consumers online for the last 20 years — a period of unprecedented innovation and change. The FCC replaced that framework with a confusing patchwork of rules that (if enforced) seem to apply different standards to the same consumer data. That distorts the innovation economy without improving it for consumers.
Both Congress and the FCC are now considering revisiting the FCC’s approach.
While this is being sorted out it’s not tenable to have the government’s strongest privacy cop — the FTC — sidelined while the new online privacy cop sits in limbo and struggles with confusion over its own authority. Changes in the controversial net neutrality rules, for example, could undermine the FCC’s authority over privacy anytime.
This leaves a gap where consumers may not be protected and it leaves companies at sea unsure what rules to follow in building new products and coding new software.
This jurisdictional tussle over privacy needs to be resolved for the benefit of consumers and companies alike. The FCC’s rules create an inconsistent regulatory patchwork where consumers’ information would be protected differently, depending on which servers and routers their data happened to be crossing — one set of protections for internet service providers (ISPs), another for websites and apps — with the exact same data arbitrarily enjoying different levels of protection at different stops along the continuum.
That is not what internet users want or expect. They want consistent rules they can bank on to protect their privacy. Ninety-four percent of consumers believe all companies collecting their information online should work under the same set of rules — and they’re right. Inconsistent, bifurcated regulation of this kind will end up creating holes in the system, as consumers wrongly assume that privacy choices they make in one area will apply in another. And it places a costly and destructive drag on the fast moving digital economy, where standardization and interoperability are key.
The FCC’s assumption of online privacy authority also jeopardizes the United States’ privacy agreement with the European Union (EU). The Privacy Shield framework is predicated in part on the United States having a single, lead consumer privacy agency, and the dilution of the FTC’s authority puts this agreement at risk. The EU’s ability to restrict transatlantic data transfers, while sometimes challenging for businesses, increases the number of active privacy cops. Anything that threatens that agreement would be hugely disruptive to consumers on both sides of the Atlantic and would further reduce — at least temporarily — privacy reviews that benefit consumers.
Congress needs to reconsider and review the FCC’s rules, replacing this hodge podge with a rational system that restores the FTC’s role as the lead privacy enforcer.
That is the only way to yield the certainty innovators need to do what they do best: amaze us with new products, services, and hardware that enrich our lives.
More importantly, a consistent set of rules would do well to assuage consumer advocates’ concern that gaps in enforcement would delay critical privacy actions when companies are ignoring or outright abusing their data responsibilities to their customers.
Timothy Sparapani is the founder of consulting firm SPQR Strategies and a senior fellow at technology think tank CALinnovates. He previously worked as the the first public policy director for Facebook, a role that earned him a spot on Washingtonian’s top 40 under 40 lobbyists in 2011. He also previously worked as a senior legislative correspondent at the American Civil Liberties Union.
The views expressed by contributors are their own and are not the views of The Hill.