CIOs should take notice of recent developments with the Federal Communications Commission (FCC). The FCC has long required that all cable operators, satellite carriers, telecommunications carriers, and providers of Voice over Internet Protocol (VoIP) services act in a “just and reasonable” manner. Since much of the last two decades of information technology innovation has flowed through similar advances in communications networks, the recent addition of the FCC to the regulatory landscape captures a host of related Internet-based services. With it’s rulemaking authority, many are watching whether – or more likely when – the FCC becomes a “brawny cop” for consumer privacy and what that means.
For the most part, the FTC protects privacy under the mantle of “Consumer Protection” in the U.S.
Unlike the FCC, the FTC has limited rulemaking authority. That’s why the “Open Internet Order” under which the FCC reclassified “broadband Internet access service” as a telecommunication service subject to “common carrier regulation” caused a stir. This makes Internet access service providers subject to certain key consumer protection provisions. Questions about the scope and applicability of regulations at the federal level have the potential to stifle attempts to innovate around covered services.
Here are four issues that CIOs should note as these changes unfold.
1. FCC authority
The 1934 Communications Act requires all “telecommunications carriers” to protect the confidentiality of customer information. Because so many Internet service providers (ISPs) like AT&T, Comcast and Verizon have been reclassified as telecommunications carriers, the FCC now has authority over privacy concerns of their Internet access offerings.
Given the new scope of customer privacy under its jurisdiction, the FCC may write new rules applicable to Internet services specifically. Unfortunately, guidance on the application of current or future rules has been murky at best. The FCC has said simply that service providers must take “reasonable, good faith steps” to comply with the law.
Companies whose business model is selling targeted advertising based on user data rather than providing a communications service will remain largely unaffected. They are still regulated by the Federal Trade Commission.
2. Tracking technologies
It is no secret that one of the areas around which companies innovate involves leveraging customers’ private information. For example, Nomi Technologies, a company whose technology allows retailers to track consumers’ movements through their stores, made headlines when it agreed to settle Federal Trade Commission charges that it misled consumers about opting out of their tracking services. This is not why you want to have your company’s innovations in the news.
Others point to Verizon “supercookie” that helped track the mobile Web traffic of customers to offer up more targeted ads as evidence of the need for stronger privacy rules. Verizon created an opt-out feature under pressure last year only AFTER the FCC announced it was looking into the controversy. Many raise privacy concerns because often “subscribers have no choice but to share [private] information” in order to receive service.
Therefore, it’s important to understand if and how your company is using tracking tech and establish privacy and data security standards.
3. Net neutrality: Signal or noise?
It’s not easy to determine which side of the net neutrality debate to take. In addition to authority over prohibitions against providing content-based preferential treatment (proprietary network calls via streaming video) and the practice of throttling (blocking or slowing Web traffic), the rules also apply to open-Internet protections to wireless services for tablets and smartphones. While both sides argue for an “Open Internet” there’s significant dispute over whether that requires FCC involvement or not.
Some groups that share board members with Google have come out both in support of and against net neutrality. Interestingly, while Google, Samsung and Sprint are part of the Computer and Communications Industry Association, which filed an amicus brief in support of the FCC, Samsung also belongs to Mobile Future, (with AT&T, Cisco and Verizon) and filed an amicus brief in opposition to the FCC. The Cellular Telephone Industries Association, (CTIA) is one of the groups suing the FCC. Telecom companies have raised concerns about the costs of changing existing practices, like using information about a broadband customer to sell other services. More recently, a group of nearly 60 consumer groups and digital activists pressed the FCC to come out with “strong” proposed rules “as quickly as possible.”
4. Consumer protection
Customer proprietary network information (CPNI) is a treasure trove of info about consumers’ online behavior. The Communications Act bars telecom companies from using CPNI for purposes other than providing service. The FCC’s Network Neutrality rules may set the stage for FCC to regulate how ISPs use consumer data via CPNI. Unlike the FTC, the FCC can issue real regulations on privacy. This could bring a major changes in the way the business is transacted with consumer data, with far-reaching impact.
Regardless of the outcome, CIOs should focus on the what, where, how and with whom private customer information is being shared over these communications networks.
Thanks for reading! I love writing about the law. But remember, I am not your lawyer. Any thing you do or don’t do is your decision. I always recommend that you consult a qualified lawyer about your specific situation.