You belong now to Comcast & Verizon & AT&T and all the other big corporations from whom you receive the internet in America.
And by, “you,” what we mean is all the data you generate when you go online with your home computers and mobile devices: all your browsing history, your record of purchases, your health information, your financial information, where you go, where you shop, what your children do.
The United States Senate voted March 23 to repeal a rule adopted last October by the Federal Communications Commission (FCC) which would have required those major internet service providers (ISPs) to get your permission before collecting and selling that personal information to advertisers – or anyone else.
Assuming the repeal passes the U.S. House of Representatives (not a wild guess it will) and is signed by President Trump (not a wild guess he will), those major corporations will be able to do whatever they want with the “you” that is your digital essence.
The congressional action was taken under what’s called the Congressional Review Act, which allows Congress to repeal any federal regulation taken by any federal agencies within 60 days of its adoption. It’s the same rule Congress is using to roll back many of the measures, rules and policies adopted in waning days of the Obama Administration.
The March 23 vote in the Senate to roll back the new FCC privacy rules fell strictly along party lines: all Senate Republicans voted for the roll back; all Senate Democrats voted against it.
Overwhelmingly – 93 percent – Americans prefer the kind of privacy the FCC rules would have guaranteed.
And let’s be clear: the major corporate ISPs have been collecting and using this data for quite a while (as have companies like Google and Facebook). The FCC rule would have given back to you some control of that information. In reality, of course, hardly anything you do online is private.
The FCC privacy rules adopted last October were scheduled to go into place March 2 but the new FCC, now under the control of the Trump Administration, blocked the rule implementation. The congressional action will further negate its privacy protections.
Telecom lobbying groups and advertising industry lobbying groups were wildly enthusiastic about the rule roll back and consumer protection groups were equally pained.
The rule roll back resolution was introduced into the Senate agenda earlier this month by U.S. Sen. Jeff Flake, R-AZ, who said rolling back the FCC rule would protect consumers.
“My resolution is the first step toward restoring the FTC’s light-touch, consumer-friendly approach,” he said. “It will not change or lessen existing consumer privacy protections. It empowers consumers to make informed choices on if and how their data can be shared.”
“(Rolling back the rule) would allow Comcast, Verizon, Charter, AT&T, and other broadband providers to take control away from consumers and relentlessly collect and sell their sensitive information without the consent of that family,” Markey said on the floor of the Senate. That sensitive information includes health and financial information, and information about children, he said. ISPs want to ‘draw a map’ of where families shop and go to school, and sell it to data brokers “or anyone else who wants to make a profit off you,”
“Your home broadband provider can know when you wake up each day—either by knowing the time each morning that you log on to the Internet to check the weather/news of the morning, or through a connected device in your home,” said Sen. Nelson during Senate floor debate. “And that provider may know immediately if you are not feeling well—assuming you decide to peruse the Internet like most of us to get a quick check on your symptoms. In fact, your broadband provider may know more about your health—and your reaction to illness—than you are willing to share with your doctor.”
Not that it matters much, now, but the FCC rule would have provided some, albeit limited, privacy protections:
The FCC language “separate(s) the use and sharing of information into three categories and include clear guidance for both ISPs and customers about the transparency, choice and security requirements for customers’ personal information:
- Opt-in: ISPs are required to obtain affirmative “opt-in” consent from consumers to use and share sensitive information. The rules specify categories of information that are considered sensitive, which include precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications.
- Opt-out: ISPs would be allowed to use and share non-sensitive information unless a customer “opts-out.” All other individually identifiable customer information – for example, email address or service tier information – would be considered non-sensitive and the use and sharing of that information would be subject to opt-out consent, consistent with consumer expectations.
- Exceptions to consent requirements: Customer consent is inferred for certain purposes specified in the statute, including the provision of broadband service or billing and collection. For the use of this information, no additional customer consent is required beyond the creation of the customer-ISP relationship.
“In addition, the rules include(d):
- Transparency requirements that require ISPs to provide customers with clear, conspicuous and persistent notice about the information they collect, how it may be used and with whom it may be shared, as well as how customers can change their privacy preferences;
- A requirement that broadband providers engage in reasonable data security practices and guidelines on steps ISPs should consider taking, such as implementing relevant industry best practices, providing appropriate oversight of security practices, implementing robust customer authentication tools, and proper disposal of data consistent with FTC best practices and the Consumer Privacy Bill of Rights.
- Common-sense data breach notification requirements to encourage ISPs to protect the confidentiality of customer data, and to give consumers and law enforcement notice of failures to protect such information.