On April 3rd, President Trump signed a bill repealing online privacy rules that were set to go into effect later this year. The rules were passed by the Federal Communications Commission (the “FCC”) in October 2016.
The new rules would have required Internet service providers (“ISP’s”), such as AT&T and Verizon, to obtain consumer consent before collecting “sensitive” information and data related to users’ online activities. This information includes browsing history, and financial and health information. ISP’s want this data for more targeted advertisements. While the rollback of this rule is being viewed as a big blow for privacy advocates, its actual impact may be slight.
The reason? We just don’t have much privacy on the Internet.
The rules only impacted ISP’s, not websites such as Facebook or Google. These websites have massive resources dedicated to Internet data collection. However, unlike ISP’s which are regulated by the FCC, websites are regulated by the Federal Trade Commission (the “FTC”). Because these new rules were promulgated by the FCC (not the FTC) they did not impact websites. Thus, even if the new rules were to go into effect, websites would have remained free to collect consumer data.
This is not to say that the repeal has no consequences for consumers. ISP’s now have freedom to aggressively mine information, just like Facebook and Google. And while it may seem unfair to regulate a website and an ISP differently, there is an important distinction between the two – users can simply avoid accessing websites that collect sensitive information, but it is much more difficult to avoid using an Internet provider.
It remains unclear what the future of online privacy will look like. Some in the tech industry believe this repeal could lead to the implementation of universal online privacy rules, whereby ISP’s and the Google’s of the world would be regulated by the same laws. Or this could be the first of many rollbacks, in which case, Internet data collection will continue to increase in size and scope.
Whatever the case may be, it is important to understand what information websites and ISP’s are permitted to collect, so that Internet users can take affirmative steps to prevent certain sensitive personal and business information from being shared with these companies. For additional questions or assistance with protecting your data or your business’s data, please contact KJK’s Cyber Security & Internet Privacy attorneys.