GOP lawmaker who helped kill ISP privacy rules proposes new privacy rules
on
Get link
Facebook
X
Pinterest
Email
Other Apps
Bill requires opt-in consent, but prohibits states from imposing stricter rules.
Jon Brodkin
Seven weeks after Congress voted to prevent implementation of new ISP
privacy rules, a lawmaker who helped lead that effort has proposed
legislation that would impose similar rules in a new form.
Rep. Marsha Blackburn (R-Tenn.) introduced the House version of legislation that ultimately killed those privacy rules in March. But now she's back with a new bill (full text)
that requires broadband providers and websites to obtain users' opt-in
consent before using or sharing Web browsing history, application usage
history, and other sensitive data like the content of communications and
financial and health information.
There's one big caveat: Blackburn's bill would prevent individual
states and municipalities from imposing laws that are stricter than the
proposed federal standard.
Still, the proposed opt-in requirement is very similar to one the
Federal Communications Commission tried to impose on all home and mobile
Internet providers. Republicans in Congress objected to those rules,
saying that ISPs shouldn't face stricter requirements than Web companies
like Google and Facebook. Websites are regulated separately by the
Federal Trade Commission and just need to offer users a way to opt out
of the use and sharing of browsing data.
Browsing data is commonly used to serve personalized advertisements.
The Blackburn proposal would ensure parity by imposing the opt-in
requirements on both ISPs and companies that offer websites and other
services over the Internet. But with Republicans in Congress pushing for
less regulation of ISPs, it doesn't seem likely that Blackburn's
proposal would be approved. "It's not clear that the bill has the
support it would need to move through Congress, and it currently lacks a
corresponding version in the Senate," Axios wrote in a story yesterday.
The bill was introduced yesterday and referred to the House Committee on Energy and Commerce.
Regulatory parity and states' rights
Congress could have ensured regulatory parity between ISPs and
websites by allowing the FCC's rules to take effect and imposing similar
rules on websites. Instead, Congress eliminated the FCC rules entirely
without any replacement. President Trump made that decision final by signing the repeal legislation on April 3.
There are some key differences between Blackburn's proposal and the
FCC regulations that would have taken effect later this year if not for
Congress repealing them. Blackburn's bill would empower the FTC to
enforce the rules using its authority to prevent unfair and deceptive
acts and practices, cutting out the FCC entirely. The bill "prohibits
the FCC from promulgating regulations related to the privacy of user
information," according to a fact sheet Blackburn's office provided to
Ars.
While the FTC is prohibited from regulating common carriers such as
ISPs, the bill provides an exception that would allow the FTC to
regulate ISP privacy practices. That could end up being moot anyway, as
the FCC yesterday took a preliminary vote to eliminate the common carrier classification of ISPs.
As previously mentioned, the Blackburn bill would also preempt any
state, city, or town from imposing its own privacy rules on ISPs and
websites. Blackburn, who is chairperson
of a Congressional telecommunications subcommittee, has an inconsistent
history when it comes to states' rights in telecom. When the FCC tried
to prevent states from imposing laws that restrict the growth of
municipal broadband providers, Blackburn stood up for "states' rights"
to protect private ISPs from municipal competition. In this case,
Blackburn doesn't want states to impose any consumer protection rules
different from the ones in her bill.
After Congress eliminated the FCC privacy rules, lawmakers in several states responded by trying to impose state-level privacy protections. Blackburn's proposed
ban on state privacy laws may have been spurred by those actions. But
she also may have felt pressured to support a federal privacy law after
feedback from voters, as large majorities of both Republicans and
Democrats opposed the privacy rollback in a recent survey.
Specific requirements
The Blackburn bill would require ISPs and websites to "clearly and
conspicuously notify users" of their privacy policies and material
changes to their policies. The policies would have to be "persistently
available" for users to view.
ISPs and websites would have to "obtain opt-in approval from a user
to use, disclose, or permit access to the sensitive user information of
the user." Sensitive information that would be subject to the opt-in
requirements includes "precise geo-location, children’s information,
health information, financial information, Social Security numbers, Web
browsing history, app usage history, and the content of communications,"
according to the bill fact sheet.
ISPs and websites would only need to offer an opt-out system before
using or sharing information that isn't considered sensitive.
Users would be able to grant or withdraw their approval at any time.
"A provider of a covered service shall make available a simple,
easy-to-use mechanism for users to grant, deny, or withdraw
opt-in approval or opt-out approval at any time," the bill says.
ISPs and websites would not be allowed to deny service to users who refuse to provide their consent to data usage and sharing.
No opt-in or opt-out requirements are required for using or sharing
information needed "to provide broadband service, and bill and collect
for the service; to protect the provider and its customers from
fraudulent, abusive, or unlawful use of the provider’s service; [and] to
provide location information in times of emergency," the fact sheet
said.
Comments
Post a Comment