Top Republicans pushed a measure through the House on Tuesday that overturns Obama-era regulations intended to protect consumers’ data from being shared with advertisers without consent. If you’re reading this story on a computer or internet-connected device, that obviously includes you.
The bill, which passed 215-205 in the House, pulls back legislation passed by Congress in 2016. Originally proposed by the Federal Communications Commission, the measure would have broadened FCC privacy rules so they also applied to broadband internet service providers. In other words, it required companies like AT&T, Verizon and others to get consent from customers like you before sharing (or selling) your personal data and web browsing history with advertisers.
A companion bill passed 50-48 last week in the Senate. President Donald Trump signed the bill Monday.
Now, before you lament the end of your internet privacy — take a deep breath.
As Wired reporter Klint Finley told the NewsHour, those FCC rules never actually went into effect, meaning technically, Tuesday’s measure doesn’t change anything. The rules to protect customer data were passed in October of last year but wouldn’t have taken effect until December 2017, Finley said. So the bill passed on Tuesday simply blocks those rules from taking effect, Finley said.
That said, Tuesday’s measure does create some wrinkles in the debate over consumer privacy in the rapidly growing Internet of Things. Namely, the measure blocks the FCC not only from implementing the 2016 rules, but pursuing others like them.
“Mostly it means that internet service providers now have the go-ahead to sell data,” Finley explained. “It was already technically legal, but if any companies were holding off on doing it while they waited to see if the laws went into effect or not, they don’t have to wait anymore.”
Let’s dissect this together.
How did we get here?
- FCC’s 2016 privacy rules were a follow up to the 2015 Open Internet Order, regulations that defined the Internet as a public utility and set the stage for today’s net-neutrality rules. The Open Internet Order also put the FCC in charge of privacy regulations.
- Until 2015, the Federal Trade Commission, or FTC, held jurisdiction over ISPs, according to a FCC statement. However, two years ago, the FCC “stripped the FTC of its authority over internet service providers.”
- The debate over net neutrality can be summed up in this question, as posed by Neil Irwin of The New York Times: “Is access to the Internet more like access to electricity, or more like cable television service?”
Why is Congress taking this up again?
- The Obama-era bill was passed in October 2016. But lawmakers took advantage of the Congressional Review Act, a rare procedural move that permits lawmakers to reconfigure any regulation they disagree with.
- The bill has sparked debate from both sides of the aisle. Some House Republicans say requiring the FCC to get consent from consumers before sharing data approaches government overreach. House Democrats say not putting those protections in place sets up a poor precedent for online privacy.
- ISPs have pushed back against privacy regulations. Their issue: Sites like Facebook and Google are regulated by the Federal Trade Commission (FTC) and are therefore governed by regulations that do not force them to obtain customer consent before collecting and selling personal data. Notice how right after you’ve been searching for a copy of Uncharted: The Nathan Drake Collection on Amazon, advertisers bombard you with video game ads once you’ve switched back to Facebook.
What does the latest bill actually do?
“Historically, regulations have treated that data as the property of the consumer,” GeekWire wrote. Under the new bill, “it will be viewed more like the property of internet providers.”
This means, ISPs could sell your personal information without consent. They can view anything from your browsing history and geolocation to the applications you use on the web.
The bill also makes it harder for the FCC to pursue policies like those passed last fall, says Ernesto Falcon, legislative counsel for the advocacy group Electronic Frontier Foundation. Congress has “in essence created a law that contradicts the existing privacy law the FCC is tasked with enforcing,” Falcon told the NewsHour.
Why do ISPs want this information, and what do they do with it?
As the digital economy expands, ISPs have become increasingly interested in improving their presence within advertising, Business Insider reported.
“The traditional means is to collect information to create a profile and market it to advertisers who attempt to connect that user to goods they believe they will purchase,” Falcon said.
In theory, anyone from insurance companies, airlines, banks and retailers to political parties or, critics fear, the government, could buy data profiles of consumers.
Trump signed the bill into law Monday. Even though the measure repeals internet privacy rules passed in October, the FCC still reviews privacy cases involving customer privacy on the Internet.
FCC Chairman Ajit Pai told the NewsHour in a statement that “the FCC will work with the FTC to ensure that consumers’ online privacy is protected through a consistent and comprehensive framework. In my view, the best way to achieve that result would be to return jurisdiction over broadband providers’ privacy practices to the FTC, with its decades of experience and expertise in this area.”
Republican Sen. John Thune told Axios that he’s open to passing additional privacy protections in order to reach a legislative compromise on net neutrality “if that were something that it took to get Democrats to the table.”
How to protect your data
Let’s be honest: Whether you know it or not, your internet privacy has more than likely been jeopardized at some point. When it comes to dealing with ISPs, educating yourself on what to expect goes a long way, Neema Singh Guliani, legislative counsel for the American Civil Liberties Union, told the NewsHour. If the bill becomes law, consumers could still explicitly opt out from having their data shared, even if it isn’t obvious how to do it.
“Consumers can call their providers and opt out of having their information shared,” Guliani said. “Consumers can pressure companies to be more transparent and I think there’s an opportunity to pressure companies to implement good practices and for consumers to say ‘I think that you should require opt-in consent and if you’re not, why not?’”
Now, some ISPs do offer some sort of getaway from their targeted advertising. But as noted in The Verge, you may have to dig order within a company’s linear notes in order to find protections for yourself.
Falcon said utilizing a VPN, or Virtual Private Network, could provide a safeguard, but noted that it’s not a bulletproof method.
“People can start using VPNs but they aren’t a perfect defense and ISPs are going to start using our browser information and application data without our permission,” Falcon said. “Ultimately people must let their member of Congress know they value their privacy. If they voted against repeal, encourage them to push for legislation to restore our privacy rights.”