On March 1, 2017, the Federal Communications Commission issued a temporary stay of a data security regulation that would have subjected ISPs to a more stringent standard than that applied to other companies in the Internet ecosystem under Federal Trade Commission regulations.
The decision will maintain the status quo that has been in place for nearly two years with respect to ISPs and nearly a decade with respect to other telecommunications carriers.
In a joint statement, the FCC and FTC stated that “the Federal Communications Commission and the Federal Trade Commission are committed to protecting the online privacy of American consumers.” “We believe that the best way to do that is through a comprehensive and consistent framework.” Accordingly, the FCC decided to stay one of its rules before it could take effect.
In 2015, the FCC stripped the FTC of its authority over ISPs’ privacy and data security practices. Jurisdiction over such practices may very well be returned to the FTC given that all actors in the online space should reasonably be subject to the same rules enforced by the same agency.
“Until that happens, however, we will work together on harmonizing the FCC’s privacy rules for broadband providers with the FTC’s standards for other companies in the digital economy.”
The stay will remain in place only until the FCC is able to rule on a petition for reconsideration of its privacy rules.
Some express concern that the temporary delay of a rule not yet in effect will leave consumers unprotected. The FTC believes that “it is vital to fill the consumer protection gap created by the FCC in 2015.” The stay also ensures that ISPs and other telecommunications carriers do not incur unnecessary compliance costs while modifications to the rule are considered.
Going forward, it is anticipated that the FTC and FCC will work together to establish a uniform, technology-neutral online privacy structure.
The stay does not address rules that became effective earlier this year or those that are scheduled to become effective later this year. ISPs and other telecommunications carriers remain obligated to comply with applicable federal and state privacy, data security and breach notification laws, rules and principles.
Many believe that the foregoing is Chairman Pai’s opening salvo in the war on privacy rights and the 2015 net neutrality rules. Commissioner Mignon Clyburn, a Democrat who voted against the stay, said “[i]f a provider simply decides not to adequately protect a customer’s information and does not notify them when a breach inevitably occurs, there will be no recompense as a matter of course.”
Advertising groups previously petitioned the FCC to reconsider the rules, stating that the agency had overstepped its authority and unduly burdened ISPs.
Contact an FTC lawyer if you would like to discuss the design and implementation of compliant advertising campaigns, or if you are the subject of a local, state attorney general or federal regulatory matter.
Richard B. Newman is an Internet marketing compliance and regulatory defense attorney at Hinch Newman LLP focusing on advertising and digital media matters. His practice includes conducting legal compliance reviews of advertising campaigns, representing clients in investigations and enforcement actions brought by the Federal Trade Commission and state attorneys general, commercial litigation, advising clients on promotional marketing programs, and negotiating and drafting legal agreements.
HINCH NEWMAN LLP. ADVERTISING MATERIAL. These materials are provided for informational purposes only and are not to be considered legal advice, nor do they create a lawyer-client relationship. No person should act or rely on any information in this article without seeking the advice of an attorney. Information on previous case results does not guarantee a similar future result.