Information Privacy Law
Professor Ira Rubinstein
March 29, 2017
Following the passage by Senate last week of the resolution overturning an Obama-era FCC rule that required internet providers to get consumers’ permission before sharing their browsing history with other companies, the House of Representatives passed the same resolution in a 215-205 vote on March 28. Internet providers now only need a signature from President Trump before they’re free to take, share, and sell people’s web browsing history without prior permission.
It is reported that no Democrats in the House voted for the resolution, and 15 Republicans opposed it. A similar version squeaked through the Senate last Thursday on a party-line vote of 50-48. In view of the new political environment, it appears unlikely to be any new consumer privacy legislation in this vastly more pro-business Congress. And the FCC won’t be able to pass privacy restrictions protecting all web browsing history again under the Congressional Review Act. In this regard, people may start to question the future of consumer protection and privacy enforcement under the federal government.
Stacey Gray at Future of Privacy Forum believes that we are likely to see state legislatures and Attorneys General step in if no new consumer privacy legislation is to be generated or the ability of regulatory bodies to protect consumer privacy is limited. She says several states that have strong consumer privacy laws, such as California, may seek to fill the void and regulate digital marketing. She also expects there could be more private litigation seeking to protect and enforce consumer privacy.
In addition to resorting to public protection, consumers may need to seek self-protection. For instance, consumers may use computer software such as “Tor” to enable anonymous communication. “Tor” can direct Internet traffic through a free, worldwide, volunteer network consisting of more than seven thousand relays to conceal a user’s location and usage. However, the problems of using “Tor” include technical complexity and slower internet speed because service providers have been downgrading traffic they can’t sell adverts around.
Virtual Private Networks (VPNs) that set up a secure connection that runs traffic through their own servers may be another option. However, Jeremy Gillula, senior staff technologist at the Electronic Frontier Foundation, suggest avoiding free VPNs because it’s just passing the trust issue to another company. Additionally, VPNs have to work under the rules of their home country, and therefore it is not clear whether your data collected by the VPNs is subject for sale under the relevant law.
On the other side, the majority of the industry are applauding the congressional action to repeal the FCC rule. The Internet & Television Association and CTIA, formerly the Cellular Telecommunications and Internet Association, an advocacy group for the industry, issued statements after the vote, claiming that they would continue to follow ‘privacy-by-design’ principles and honor the FTC’s successful consumer protection framework. However, not all ISPs want to abolish the rule. Some small providers believe that such resolution is harmful to the industry in the long run given that one of the cornerstones of the business is respecting the privacy of the customers. And some small providers have said publicly that they won’t collect, store or sell their users’ data, in order to gain power in competition. Hopefully the market could eventually shake down the best solutions for people.