New Hampshire legislators are considering an amendment they hope will “restore” Internet privacy rights.
This effort is in response to a recent Congressional vote to overturn what has been deceitfully described as a Federal Communications Commission (FCC) “privacy” rule.
Naturally, this clever marketing trick has left many concerned that Congress’ vote has given Internet Service Providers (ISPs) some new freedom to auction off their web search history and personal data.
But, that simply is not true.
For one, the FCC’s “privacy” rule never actually took effect – Internet privacy is the same as it was 3 months ago, 6 months ago, a year ago. And more importantly, the FCC’s “privacy” rule was not about privacy at all. The FCC used the hot button word “privacy” to distract from the fact that it was actually pushing a massive power grab.
In reality, the FCC, which has little experience policing Internet privacy violations, stripped enforcement authority away from the Federal Trade Commission (FTC), the agency with the most expertise in enforcing Internet privacy. More concerning is that the FCC took this bold action without the blessing of congress.
Undeniably, the FCC’s action was completely unjustifiable. The FTC punished bad actors in hundreds of privacy violations over the last decade. Its battle tested method combined sensitivity-based and harms-based approaches to protect your informational exchanges by focusing on what data was held, the level of data sensitivity, and how consumers would have been affected if the data were misused. This strategy protected consumers while still allowing for innovation.
The FCC’s ‘privacy’ rule, on the other hand, was overly burdensome and would have blocked innovation. Even worse, it zeroed-in on who held the data, not what the data were. Indeed, the FCC rules were applied only to ISPs, which is a pretty bizarre approach to take if protecting privacy is the true intention.
Compared to Websites, for example, ISPs see far less of what you do online. That is because over 70% of websites use https encryption. An ISP can only see which website you visit, not what you do on the websites. ISPs do not know your movie preferences, products purchases, email content, or anything of the like.
Contrary to claims made by the left, Congress did NOT functionally change how we interact with ISPs or websites. The FCC still has authority to bring enforcement actions against privacy violations perpetrated by ISPs, and new Chairman Ajit Pai, has vowed the agency will follow the FTC regime until FTC authority can be fully restored.
Further, federal laws that require your personal information remain protected have been and still are in place. The Gramm Leach Biley Act (GLBA), which governs financial information privacy, and the Health Insurance Portability and Accountability Act (HIPAA), which covers private health data, apply no matter who holds the data.
By ending the discriminatory, over-the-top FCC law, Congress took the first step in rectifying FCC overreach. Congress signaled that the FTC is the proper agency to police Internet privacy. This should be considered a win for consumers and innovation, not a loss.
While it may be tempting for lawmakers to pass a state privacy law in response to this “loss of privacy” narrative, New Hampshire citizens would be best served by resolving to follow the FTC rules without new legislation in order to maintain consistent privacy protections across the internet – from ISPs to web services to apps.
Katie McAuliffe is Federal Affairs Manager at Americans for Tax Reform & Executive Director of Digital Liberty. Margaret Mire manages state tech and telecom policy at Americans for Tax Reform.
Photo Credit: g4II4is