Let me offer a simple layman’s definition of “knowing and affirmative opt-in.” Ten seconds after the consumer signs, ask him about the particulars of the agreement. For example, “Did you just agree that your ISP can sell your email patterns to your bank, your insurance company and your ex-spouse’s lawyer?” If the answers all amount to, “I have no idea. I just clicked the box so I can stream movies,” that was not a knowing and affirmative opt-in.
The FCC also created a box of data requiring customers to opt out, should they not want their data shared. “ISPs would be allowed to use and share non-sensitive information unless a customer ‘opts-out.’ All other individually identifiable customer information — for example, email address or service tier information — would be considered non-sensitive and the use and sharing of that information would be subject to opt-out consent, consistent with consumer expectations.”
The problem with the opt-out area is that there is no requirement for it to be easy to find and to use. And with no such requirement, just how well hidden do you expect your typical ISP to make it?
The FCC also pointed out that these changes don’t even impact a lot of the most germane Internet companies. “The rules do not apply to the privacy practices of web sites and other ‘edge services’ over which the Federal Trade Commission has authority. The scope of the rules do not include other services of a broadband provider, such as the operation of a social media website, or issues such as government surveillance, encryption or law enforcement.”
That little exception was enough to prompt FCC Commissioner Ajit Pai to dissent from the decision.
“Privacy rules for ISPs are important and necessary, but it is obvious that the more substantial threat for consumers are not the ISPs,” Pai said, according to a report in the Consumerist. “Citing recent news stories about Yahoo, Google, Apple, Twitter, and others, Pai complained that regulating ISPs more stringently than those providers ‘does not make any sense,’ concluding ‘the cold reality that Americans should remember is this: nothing in these rules will stop edge providers from harvesting and monetizing your data. So if the FCC truly believes that these new rules are necessary to protect consumer privacy, then the government now must move forward to ensure uniform regulations of all companies in the internet ecosystem at the new baseline the FCC has set. And that means the ball is now squarely in the FTC’s court.”
Pai, while overstating the privacy protections the FCC has delivered, does raise an important issue. But the FCC kicking the ball over to the Federal Trade Commission — another government commission that is no stranger to toothless regulations — isn’t going to help.
Sign up for CIO Asia eNewsletters.