Compliance Management, Network Security, Privacy

US telecoms regs bow to ISPs, customers no longer federally protected

US authorities have indefinitely blocked data protection regulations for ISPs in the face of industry pressure.

On 1 March, The Federal Communications Commission (FCC) agreed to repeal a 2016 privacy order which demanded that ISPs take “reasonable measures to protect customer (data) from unauthorised use, disclosure and access.”

The move was in response to a stay petition signed by some of the largest internet companies in the world including AT&T, Verizon, T-Mobile and Comcast along with a host of smaller and regional providers. The 11 companies called for a halt on the order, which was due to go into effect on 2 March, saying that there were already voluntary industry principles in place and the cost of complying with the order would be harmful to not just business but customers, too.

The privacy order, made in October 2016 under the Obama presidency, apparently departs sharply from the Federal Trade Commission's privacy framework which, according to the petitioners, “effectively balances the twin objectives” of  customers control over their own data and “beneficial uses of data that lead to innovation, new products and capabilities, customised services, and growth in the digital economy”.

The petitioners claimed that the order recommends several costly and cumbersome moves for ISPs including changes to companies' internal business structures, customer authentication methods and information handling practices. In essence, compliance will be costly, especially for smaller providers and “wasteful and counterproductive to the public interest”.

The opposition to the petition argued that those claims of harm were theoretical or grossly exaggerated. A block on the privacy order would be against the public interest because ISPs lack market incentives to protect customer data. The industry principles and the FTC privacy framework that the petitioners so admire, the opposition added, come without an enforcement mechanism, making compliance voluntary.  

The blocking of the privacy order was welcomed by the two Republican commissioners of the FCC, with the one Democrat Mignon Clyburn, dissenting. He stated to the commission that the body was failing to carry out its job of being “the cop on the beat”. Instead this block permitted “providers to shift the costs for corporate negligence onto private citizens”. The decision, said Clyburn, meant that a voluntary code is the only federal protection for broadband data security: “If a provider simply decides not to adequately protect a customer's information and does not notify them when a breach inevitably occurs, there will be no recompense as a matter of course.

The FCC's chair and Trump appointee, Ajit Pai, is a controversial figure and is often labelled not only as a partisan enemy of regulation but net neutrality too. He's been resolute in his stated belief that the FCC should not be a regulatory hindrance but a conduit for economic growth in the dynamic tech sector.

He voted against the 2015 Open Internet Order, which was meant to serve as a baseline regulation for net neutrality. In 2016, he made a speech to the conservative Free State Foundation, railing against the recent classification of the internet as a Title II carrier under the 1934 Telecommunications Act. The classification imposed a number of rules on internet service providers, and is believed to be a step towards net neutrality.

He noted in his speech that when a Trump came into office, this would all change. He told the audience: "We need to fire up the weed whacker and remove those rules that are holding back investment, innovation, and job creation."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.