Today, the FCC adopted a tilted notice of proposed rulemaking that proposes an irrational and unjustified set of regulatory shackles on ISPs. Last month’s déjà vu was AllVid. This time, the issue is consumer privacy on the Internet, and the marketplace is online advertising. The proposed rules will not provide meaningful consumer Internet privacy protections, and will block ISPs from bringing new competition to the online advertising market that could benefit consumers.
Despite Chairman Wheeler’s claim that the Commission’s overarching goal is to promote "competition, competition, competition," and that his focus is on helping competitive upstarts, the NPRM is inexplicably targeted to block ISPs, who have been responsible stewards of consumers’ privacy for decades, from entering and competing as disruptors and upstarts in the online advertising marketplace, which is dominated by edge providers and other non-ISPs. In fact, none of the top 10 players in the online advertising space -- which control over 70% of this market, -- is an ISP.
The unfortunate result of the FCC’s extreme regulatory proposals will be more consumer confusion and less competition – and a bunch of collateral damage to innovation and investment along the way. This is most disappointing because it is entirely avoidable, since the Administration, the Federal Trade Commission, and others have examined this issue and marketplace for many years and have reached very different conclusions.
The genesis of this issue is the FCC’s decision last February to reclassify broadband Internet access service as a Title II telecommunications service. One of the lesser-known consequences of the decision was that the FCC commandeered the FTC’s role in regulating ISP privacy practices.
For nearly two decades under the FTC’s oversight, the entire Internet ecosystem – including ISPs – has been subject to a regime that is focused on the sensitivity of the data collected and how it is used, not on the providers’ business model or method of collection. But the FTC cannot, by law, regulate "common carriers." The FCC’s Title II decision overturned years of settled law with respect to consumer privacy, and created significant uncertainty for both consumers and providers.
This created a situation where suddenly different players in the Internet ecosystem are treated differently with regards to privacy regulation. But trying to cure the uncertainty it created in its Title II decision by establishing a privacy regime where the FCC discriminates against, and prevents new competition from, ISPs does not help anybody, most notably consumers. The best approach would be to put in place a uniform and consistent privacy regime, through coordination between the FCC and FTC or, if necessary, by statute or through a multi-stakeholder process.
But the FCC, without analysis or research, has disagreed, despite the fact that ISP access to user information is neither comprehensive nor unique – as renowned privacy expert Professor Peter Swire notes, "technological developments place substantial limits on ISPs’ visibility," and "other companies often have access to more information and a wider range of user information than ISPs." As EPIC concluded, the FCC’s mistaken view is actually "counterproductive to consumer privacy" and likely will lead to bad policy.
Many entities – operating systems, search engines, social media sites, browsers, ISPs, and others – have access to this data, whether through their own collection or through purchasing the data from third parties, like data brokers. The real issue is whether we can create a set of meaningful and consistent protections for consumer online data. On this point, the FCC not only misses the mark, but it also does not even try to hit the mark.
There is no evidence of any problem with ISP privacy and security practices: research published by the Harvard Business Review and the Pew Research Center shows that consumers trust their ISPs just as much, if not more, than other providers in the Internet ecosystem. And there have been very few ISP-related privacy or data security issues under the FTC regime, even while the FTC has taken numerous enforcement actions against others in the Internet ecosystem.
In a world where search engines, social media sites, browsers, operating systems, and others have just as much access to consumer information as ISPs, an ISP-only regime does little to increase consumer privacy – it merely places a thumb on the scale of competition in the online advertising marketplace in favor of the entrenched incumbents, "severely handicapp[ing]" ISPs’ ability to compete in that market, according to Moody’s, thereby depriving consumers of new innovative services and other benefits additional competition in this space would bring.
Beyond blocking ISPs from competing in the online advertising marketplace, the FCC proposal will have other spillover effects. One example of the extreme nature of the FCC’s proposal and how it would negatively impact competition and consumers relates to cross-marketing of our competitive products and services to existing ISP customers. Under the FCC proposal, Xfinity Internet customers could miss out on learning about lower prices for taking bundles of services like Xfinity Home Security. Today, consumers are benefitting from competition in these new and expanded services, and they expect to receive these offerings from their broadband provider. The proposed FCC’s rules would unjustifiably make that much more difficult.
The FCC has tried to justify similar arbitrary and onerous privacy requirements in the past, and the courts have struck them down as unreasonable and unconstitutional. This proposal could easily meet that same fate.
If the FCC intends to continue down the path of adopting privacy rules, the best way to proceed would be to harmonize its rules with the FTC’s existing privacy protection regime. A broad cross-section of industry – including ISPs, tech companies, and others in the Internet ecosystem – has explained that "[t]he FTC’s time-tested framework has accomplished two important goals—it provides consumers with meaningful privacy protection and helps to enable a dynamic marketplace that supports the emergence of innovative new business models." There’s no need for the FCC to reinvent the wheel.
Let’s be clear on a very important point – ISPs are not advocating for a hands-off approach with respect to consumer privacy. Quite the contrary: earlier this month, a number of industry groups representing ISPs and others put forward a very specific and detailed framework for how this would work in practice. The framework focuses on four separate privacy principles – transparency/notice, consumer choice, data security, and data breach notifications – and provides specific proposals for implementing each principle. This framework "would establish a regime that protects consumer privacy and security while also providing flexibility for providers to implement and update their practices as consumer expectations and technologies evolve."
In other words, this approach satisfies the core principles that Chairman Wheeler has identified – choice, transparency, and security – and does so without impeding new competition or creating consumer confusion by arbitrarily imposing onerous requirements on only one set of marketplace participants.
Comcast takes seriously the privacy and security of our customers’ personal information. We are committed to working with the FCC to find a path forward that protects our customers’ privacy, while giving all participants in the Internet ecosystem the opportunity to compete and the flexibility to invest in and develop innovative services and business models. We look forward to providing constructive input in the FCC’s proceeding to help make that happen.