FCC halts data security rules

The rules require providers to take 'reasonable' measures to secure consumer data

FCC building in Washington
Federal Communications Commission

The U.S. Federal Communications Commission has halted new rules that would require high-speed internet providers to take 'reasonable' steps to protect customer data.

In a 2-1 vote that went along party lines, the FCC voted Wednesday to stay temporarily one part of privacy rules passed in October that would give consumers the right to decide how their data is used and shared by broadband providers.

The rules include the requirement that internet service providers should obtain "opt-in" consent from consumers to use and share sensitive information such as geolocation and web browsing history, and also give customers the option to opt out from the sharing of non-sensitive information such as email addresses or service tier information.

The data security provisions, which were to go into effect Thursday, included the requirement that broadband internet access providers engage in reasonable data security practices and provide data breach notification requirements.

Internet service providers, however, claim that the regulations place more burdens and costs on them than on other internet entities such as search engines and social networks.

“The federal government shouldn’t favor one set of companies over another—and certainly not when it comes to a marketplace as dynamic as the internet,” said FCC Chairman Ajit Pai in a joint statement on Wednesday with Federal Trade Commission Acting Chairman Maureen K. Ohlhausen.

Holding that jurisdiction over broadband providers’ privacy and data security practices should be returned to the FTC, the two officials said that for the time being they “will work together on harmonizing the FCC’s privacy rules for broadband providers with the FTC’s standards for other companies in the digital economy.”

Privacy advocates and Democratic legislators are wary that the FCC under Pai, a Republican, may whittle down the privacy rules proposed under the previous administration of President Barack Obama.

Pai who was appointed chairman by President Donald Trump, has indicated his willingness to change drastically some of the rules passed by the previous administration. He recently described net neutrality rules, passed two years ago, as a "mistake" that caused uncertainty for the broadband industry.

Sens. Edward J. Markey and Elizabeth Warren, both Democrats from Massachusetts; Richard Blumenthal, a Democrat from Connecticut; and Al Franken, a Democrat from Minnesota, earlier this week called on Pai not to take any actions that undermine the broadband privacy rules. Pai’s proposal to halt the operation of the data protection provisions “comes despite the mounting number of data breaches impacting consumers throughout this country,” the lawmakers added.

“With a stroke of the proverbial pen, the Federal Communications Commission — the same agency that should be the 'cop on the beat' when it comes to ensuring appropriate consumer protections — is leaving broadband customers without assurances that their providers will keep their data secure,” said Mignon Clyburn, the FCC’s only Democratic commissioner, in a dissenting statement.

The other provisions of the privacy order are still being reviewed by the Office of Management and Budget under the Paperwork Reduction Act. The stay on the data security provision will remain in place until the FCC can rule on the petitions for reconsideration.

Computerworld's IT Salary Survey 2017 results
Shop Tech Products at Amazon