So-Called Privacy Bill Would Actually Innoculate ISPs Against Strong Privacy Protections
Members of Congress have been getting quite a beating from constituents angry over their recent decision to reverse FCC rules that required internet service providers, like Comcast, to get permission before selling your information. In response, last week, Representative Marsha Blackburn (R-Tenn.) introduced privacy legislation that she claims will address these concerns. Given Rep. Blackburn’s history and the text itself, however, we should approach this proposed legislation with skepticism.
The bill would require that internet service providers (like Comcast and Verizon) and edge providers (like Google and Facebook) get permission before selling users’ sensitive information. That policy is a good one – the ACLU has long argued that internet service providers, as well as edge providers like Google and Facebook, should respect users’ privacy—and we support the concept of legislation that would ensure that both adhere to strong privacy standards.
However, our skepticism comes from a provision buried at very end of the bill that would explicitly preempt state legislation on these issues – even if a state passes legislation requiring higher privacy standards than Congress.
The provision appears to be a naked attempt to undercut state privacy efforts. At least 17 states have now introduced legislation aimed at filling the gap created by the overturned FCC rules, and several others are considering introducing legislation. In some cases, state legislation being considered is stronger than what would have been required under the FCC rules. For example, in New Hampshire, a bipartisan bill would prohibit providers from offering discounts to individuals who waive their privacy rights – something the ACLU urged but the FCC declined to do in its rules. Many states have also pressed for limits on not just the use but also the collection of information.
Predictably, industry is already fighting these efforts, now raising concerns about a “patchwork” of regulation. In other words, after first pushing for the elimination of federal standards, industry is now ironically arguing that states should not take action because there should be federal regulation.
Rep. Blackburn’s bill would do precisely what industry wants, which is prevent states from taking their own actions to ensure high privacy standards. If Rep. Blackburn’s goal is to raise privacy standards, she should remove the provision that preempts stronger state protections.
Skepticism of Rep. Blackburn’s motives is also warranted given her voting history. Rep. Blackburn introduced the legislation to gut the FCC rules. If she had truly been interested in creating parity between the privacy standards applied to edge and internet providers, she could and should have worked to strengthen and replace the rules. Instead, she irresponsibly pushed for reversal of the rules, leaving an enormous privacy gap. Introduction of this legislation, which thus far shows no indication that it will become law and could easily be watered-down, does not remedy this reckless act. Nor should introduction of the legislation insulate Rep. Blackburn from well-deserved criticism that she helped lead the charge to sacrifice her constituents’ privacy in favor of industry interests. To redeem herself, Rep. Blackburn would have to ensure passage of strong federal privacy protections that are not watered down by industry interests and that that do not undermine state efforts.