Congress: Don’t Let Internet Providers Sell Our Data to the Highest Bidder

(Update below)

Some in Congress want companies like Comcast, AT&T, and Verizon to be able to sell your private information to the highest bidder—and that’s exactly what could happen today if they follow through with a plan to overturn strong internet privacy rules created by the Federal Communications Commission (FCC) last year.

Last year the FCC finalized rules to protect consumers’ online privacy and security. The rules would make internet service providers (ISPs) get your permission before they used or sold the sensitive data you generate while using the internet. The data they can collect includes every website you visit, the times you log into and out of your online accounts, and in some cases, even your location. The rules would also force the companies to be more transparent in how they collect, use, and share your information and ensure that companies had data security measures in place.

Some Senators—even privacy champions—appear willing to bow to industry pressure to overturn the rules despite broad support of these commonsense protections from the ACLU and other privacy, civil rights and consumer groups. They have threatened to eliminate the rules as early as this week using a rarely deployed procedure: the Congressional Review Act (CRA). Using the CRA would allow Congress to overturn the rule with just a majority vote in both chambers, without the opportunity for members to filibuster—and bans the FCC from issuing rules that are “substantially the same” from being issued—creating serious questions about the FCC’s ability to protect consumer’s online privacy in the future.

A future without the FCC on the consumer protection beat could be bleak. Some in Congress argue that the Federal Trade Commission (FTC) can better protect consumers; however, the FTC has no authority to make rules for companies to follow. This means that the FTC can only step in and correct abuse after it has occurred. And even then, the law currently exempts “common carriers”—which include ISPs—from the FTC’s jurisdiction in some cases.

Indeed, the stakes for consumer data are higher now than ever before. ISPs could sell your deeply personal data to advertisers, big-data brokers, and even to law enforcement. While it is true that advertisers and big data firms are already collecting, using, and selling information about your online habits, ISPs are afforded an even greater vantage point as they sit atop the internet backbone. Using just your browsing history alone, they can paint an intimate picture of your religious practices, sexual activities, health problems—your aspirations and your fears.

There is a well-documented dark side to the use of this deeply personal information. Advertisers and big data brokers have a long history of using information gleaned from online activities to build discriminatory profiles on consumers. Retailers have been found to offer different online prices to customers based on their location. In some cases, customers in higher-wealth areas were given better deals than those in lower-wealth areas, because there were fewer retail stores in poorer areas to compete with the online prices. With no restrictions in place on Comcast, AT&T and Verizon selling your data to these advertisers, big-data brokers, and governments, this kind of discrimination could intensify and consumers could be left with little ability to protect themselves.

Even if Congress comes to its senses and realizes that the wholesale overturning of this rule is dangerous for consumers, the privacy rules are still under threat. The newly appointed FCC Chairman, and former Verizon lawyer, Ajit Pai, has long been opposed to the privacy rules. Just last week, he put on hold the portion of the rule that requires internet service providers to implement industry best practices on protecting their customers from hacking and data breaches. And now Chairman Pai is also considering a request from ISPs to overturn the rules in their entirety.

The FCC’s privacy rules are a common-sense step toward giving consumers control over how their data is used and sold. Without these protections in place, we are at greater risk of having deeply personal and revealing information breached or used in a discriminatory way. Congress must abandon its attempts to overturn this crucial rule and the FCC must resist calls to delay or weaken the rule’s protections.

Update (3/7/17):
Senator Flake today took the first step in overturning the FCC’s broadband privacy rules using the Congressional Review Act (CRA). A simple majority vote in both chambers in support of Flake’s resolution of disapproval will eliminate the rules and ban similar rules in the future.