Protecting Privacy on the Internet: Key Principles for Any Reform

FSF Website | What's New | Publications | Events | FSF Blog

Perspectives from FSF Scholars

April 4, 2019

Protecting Privacy on the Internet:

Key Principles for Any Reform

Theodore Bolema

[Below is the Introduction and Summary to this latest FSF Perspectives . A PDF version of the complete Perspectives , with footnotes, is here .]

Introduction and Summary

I nterest in strengthening privacy enforcement is likely to increase following a stream of revelations of invasive violations of consumers’ privacy expectations by Facebook and other edge providers, as well as the apps supplying private data to them. For example, a recent Wall Street Journal report details how social media giants collect intensely personal information from many popular apps just seconds after users enter it, sometimes even when the user has no connection to the social media company. Recent calls for legislation to enhance privacy protection enforcement include a report from the U.S. Government Accountability Office and a recent speech by Chairman Joseph J. Simons of the Federal Trade Commission (FTC)

If the current Congress is looking to increase federal protections for privacy on the Internet, it is important that any future proposals start from a firm foundation. Specifically, any privacy protection regime should be based on two key principles: that it will (1) be applied equally across platforms, and (2) be overseen by a single lead federal agency with the expertise and capability to protect broadband consumers. For the latter, the FTC is the only agency at the federal or state level that has the institutional structures, experience, and expertise to take this lead role in Internet privacy protection.

The 2015 Open Internet Order ( Title II Order ) set off an era of confusion over the rules for privacy protections on the Internet and which federal agency was in charge. After assuming authority to regulate Internet service providers (ISPs) as common carriers, and thereby divesting the Federal Trade Commission of authority over them, the Federal Communications Commission (FCC) then proceeded to adopt its 2016 Broadband Privacy Order , which imposed burdensome requirements on ISPs like those for cable and mobile telephone companies, including opt-in consent requirements. Thus, the Title II Order , coupled with the Broadband Privacy Order , had the effect of leaving non-ISP edge providers like Google, Facebook, and Amazon subject to the less stringent requirements enforced by the FTC, even though these edge providers collect far more personal data over the Internet than ISPs.

Clarity was restored after the FCC implemented its 2017 Restoring Internet Freedom Order ( RIF Order ), which repealed the Title II Order , reestablishing the FTC’s jurisdiction to regulate the privacy protection practices of both edge providers and ISPs. The FTC has been the primary agency for privacy enforcement in the United States for several decades. Its expertise in this field exceeds that of any other federal or state agency.

There is no reason to believe that consumers want one set of data privacy protections from ISPs and a different set of protections from edge providers. Indeed, consumers in many cases are unlikely to be able to distinguish between providing data to an edge provider and providing data to an ISP. Moreover, the distinctions between the two are breaking down as ISPs increasingly are providing content and edge providers are offering services like Google Voice that compete with communications services offered by ISPs.

Strong evidence is now emerging that the most invasive violations of consumers’ privacy expectations are committed not by ISPs at all, but from the same edge providers like Facebook that received more favorable regulatory treatment as a result of the coupling of the FCC's Title II and 2016 Broadband Privacy Orders . As we learn more about the aggressive collection and use of highly personal data by edge providers like Facebook, the approach resulting from the Title II Order era favoring edge providers with less stringent requirements now seems particularly misguided.

To the extent any additional rulemaking authority is considered, as FTC Chairman Simons stated in his address at the Free State Foundation conference, it should be carefully "targeted." I f Congress seeks to strengthen current Internet privacy protections, it should so in a way that maintains the current symmetrical structure of FTC enforcement authority over both the edge providers and ISPs.

* Theodore R. Bolema is a member of the Free State Foundation’s Board of Academic Advisors and Executive Director of the Institute for the Study of Economic Growth at Wichita State University.

Read the complete Perspectives, with footnotes, here .

In case you missed it…please see:

Thinking the Unthinkable – Part IV, by Free State Foundation President Randolph J. May

"The T-Mobile and Sprint Merger on Day 122," by Free State Foundation President Randolph May

"FCC Should Close Its Toll-Free Texting Proceeding and Tackle Robocalls," by Free State Foundation Senior Fellow Seth Cooper.

"The History of Our Future" by Free State Foundation President Randolph May.

Current FSF Job Openings

Vice-President/Senior Fellow

Research Fellow or Legal Fellow

The Free State Foundation's newest book , A Reader on Net Neutrality and Restoring Internet Freedom , by Randolph May and Seth Cooper, is available from Amazon here in paperback for $9.95 or for your Kindle here for $2.99. And it is available here from Apple and other booksellers in various e-book formats for $2.99 or less. Read more about the book here .

By the way, when you are shopping for books or other items on Amazon, please login through AmazonSmile here . If you do so, Amazon will donate 0.5% of the price of your purchases to the Free State Foundation. We know that it is a small donation, but every little bit helps to support our work!

A Free Market Think Tank for Maryland......Because Ideas Matters and FSF are registered trademarks of the Free State Foundation.