Who Will Protect Your Data?
Ever since service providers expanded to wireless and mobile coverage, the landscape for federal guidance has changed drastically. In the past, the Federal Trade Commission (“FTC”) oversaw enforcement of privacy and data security issues, deriving their authority from Section 5 of the FTC Act, which allows them to pursue action against companies that they deem to be undertaking deceptive or unfair acts and practices in commerce. Section 5 of the FTC Act, however, lists a key exemption for companies considered to be "common carriers." If a company is considered to a be a common carrier, the Federal Communications Commission (“FCC”) then typically has jurisdiction. While this made sense before broadband, cable, and wireless services became prevalent, the push for “net neutrality” has, ironically, opened the door to less protection and data oversight due to confusion over whether the FCC or the FTC must act on behalf of consumers. In support of net neutrality, the principle that Internet service providers (“ISPs”) should enable access to all content and applications regardless of the source, without favoring or blocking specific websites or applications, President Obama allowed the FCC to reclassify broadband providers as Title II common carrier service providers under the 2015 Open Internet Order. This suddenly meant that companies that were previously under the FTC’s oversight suddenly became subject to FCC rules instead.
As a result, this has unfortunately created great confusion over how data security breaches and consumer information should be handled because the FCC typically did not handle such litigation. Some experts have even gone as far as to question whether the FCC has the requisite expertise to handle such litigation against these technology companies when it has historically been the FTC who sued companies such as America Online, CompuServe, and Prodigy on behalf of consumers.
Even more frustratingly, the confusion may have been avoided by better overall government planning. These problems in overlap were foreseen as early as 2007 in a report filed by the Internet Access Task Force, which noted that “the common carrier exemption is likely to frustrate the FTC’s efforts to combat unfair or deceptive acts and practices and unfair methods of competition in these interconnected markets.”
And now, the confusion has only been further compounded by a 9th Circuit 2016 ruling that turned on whether the entity in question has the “status” of a common carrier. While the FTC and FCC have long argued over whether exemptions are given based on status or activity, the 9th Circuit held that the “plain language” of the statute does not make any reference to activities, and therefore ruled against the FTC (and thus consumers) and in favor of technology giant, AT&T.
While consumers have urged the court to reverse the decision, which allowed AT&T to throttle the mobile Internet speed of its customers without explicit consent, the turmoil only continues as the FCC seems to have taken a step back from their new regulatory role. Just this March, the FCC issued a stay of rule that would have created new consumer privacy protection by requiring ISPs and phone companies to take “reasonable” steps to protect consumer information (e.g., social security numbers, health information, web history, etc.) from theft and data breaches. In their explanation, the FCC cited an interest in shifting authority back to the FTC to “avoid consumer confusion.”
For more information on this topic, please visit our Data Privacy service page, which is part of our Technology & Data.
Klemchuk LLP is an Intellectual Property (IP), Technology, Internet, and Business law firm located in Dallas, TX. The firm offers comprehensive legal services including litigation and enforcement of all forms of IP as well as registration and licensing of patents, trademarks, trade dress, and copyrights. The firm also provides a wide range of technology, Internet, e-commerce, and business services including business planning, formation, and financing, mergers and acquisitions, business litigation, data privacy, and domain name dispute resolution. Additional information about the technology & data law firm and its technology & data attorneys may be found at www.klemchuk.com.
Klemchuk LLP hosts Culture Counts, a blog devoted to the discussion of law firm culture and corporate core values with frequent topics about positive work environment, conscious capitalism, entrepreneurial management, positive workplace culture, workplace productivity, and corporate core values.