When it comes to the complicated issue of internet privacy and how web users can protect their personal information, there is a lot of data suggesting that consumers are confused. Online privacy can be a complex issue and it’s important that consumers are educated about, and have an understanding of, all the dynamics involved so that they know how to best protect their personal data and privacy online.
The Federal Communications Commission has recently proposed to make things more confusing for consumers by introducing new rules that will clearly not resolve most of consumers’ online privacy concerns and may make things more complicated.
The FCC’s notice of proposed rule-making, or NPRM, seeks input on over 500 complicated questions, and a short timeframe has been provided to address these questions. When a majority of the Commissioners called for more time for the public to consider the issues related to the notice and its questions, their request was turned down. When the Senate Judiciary Committee leadership asked for greater consideration of the NPRM’s complicated issues, their appeal was also denied.
What does all of this all mean for consumers?
While some consumers may know about the potential FCC regulations governing how Internet Service Providers are required to safeguard personal customer information, most are not aware that the same rules will not govern other online companies and websites, including search engines, social networks, operating systems, and email.
To give one example, under the FCC proposal, the data created when you navigate your browser to Facebook will be subject to one set of privacy rules. But when you click on a website link once you have logged onto Facebook, that data will be subject to a different set of rules.
The FCC’s rules, if enacted, are likely to create confusion among consumers, who might mistakenly believe the new rules protect them across all, or even most, of their online activities. This would not be the case. The FCC’s rules do not reflect the reality of today’s broadband ecosystem. Internet providers already have limited access to consumer data due to the widespread use of encryption, as was demonstrated in a recent paper from Georgia Tech professor Peter Swire.
Consumers need a more consistent approach to privacy regulation. Over the years, the Federal Trade Commission has managed and regulated the complex and ever-evolving world of online privacy. It has been the expert agency in charge of writing and enforcing private-sector privacy rules for decades.
In 2014, the FTC pursued more than 40 enforcement actions related to privacy. One such enforcement action was taken against PaymentsMD, a medical billing website, and its CEO Michael Hughes for deceiving consumers in order to collect their personal medical information.
The FTC banned PaymentsMD from misleading consumers about the way the website collected and used information, including how the data they collect can be shared with a third party. The enforcement action required that they obtain a consumer’s consent through an opt-in before collecting health information from a third party. This was effective consumer privacy protection.
Given the FTC’s deep expertise, the FCC should seek its partnership and guidance on the approach to regulating privacy online.
It makes sense to have regulations that result in transparent and easy-to-understand privacy rules, rather than rules that only apply to one segment of the internet, while giving the misleading impression of protection for all consumers. A unified approach to regulating privacy would help alleviate consumer confusion and allow rules to be applied consistently across the web.
The FCC should strive to match its approach to privacy regulation with the FTC’s well-established framework so consumers are fully protected online and across all platforms.
Debra Berlyn is the President of Consumer Policy Solutions and leads the Consumer Awareness Project; an effort dedicated to educating and informing consumers about communications issues, including online privacy.