FCC Commissioners React to Stay from Data Security Regulation from Broadband Privacy Order

Commissioner Clyburn: On the very same day a major content distribution network revealed that the private data of millions of users from thousands of websites had been exposed for several months, the FCC announced its intention to indefinitely suspend rules requiring broadband providers to protect users’ private data. The irony here is inescapable. With a stroke of the proverbial pen, the Federal Communications Commission—the same agency that should be the “cop on the beat” when it comes to ensuring appropriate consumer protections—is leaving broadband customers without assurances that their providers will keep their data secure.

It is for this reason, that I must issue this unequivocal dissent.

This Order is but a proxy for gutting the Commission’s duly adopted privacy rules—and it does so with very little finesse. First, the Order alleges deleterious divergence from FTC standards, when in actuality there is little daylight between the approaches taken by the two agencies. Second, the Order alleges significant harm to service providers, but cites absolutely nothing to prove it. In fact, the stay request does not even begin to estimate the costs associated with compliance. The outcome of this Order is not relief of regulatory burdens, as is evidenced by providers seeking a stay using the text of the FCC’s rule as the basis for their voluntary code of conduct. What it actually does is permit providers to shift the costs for corporate negligence onto private citizens.

Finally, I must express my disappointment that the Chairman even entertained this item being adopted on delegated authority. This would have marked the first time in which the Wireline Competition Bureau actually granted a petition for stay. Thankfully, my request to have this considered by the Commission preserved some degree of procedural integrity at the FCC.

Commissioner O’Rielly: I support this decision to stay the broadband data security rules while the Commission and Congress consider an appropriate resolution of the broader Net Neutrality proceeding.

To be clear, I think the law and Commission precedent are quite straightforward: the FCC lacks authority to adopt data security rules for any type of provider. Data security is not mentioned anywhere in the Communications Act, and other statutes and legislative efforts that have addressed the topic do not afford the FCC any role.

I consistently objected to the prior Commission’s unlawful attempts to freelance in this area long before the Net Neutrality Order and Privacy Order were adopted. I also pointed out that the Commission’s attempts to saddle the communications sector with experimental regulations could conflict with well-established FTC precedents that have served as a predictable road map for businesses and consumers alike.

Finally, I appreciate the opportunity to vote on this order at the Commission level. While I welcome greater participation by the full Commission in general, I think that Commission-level action on significant decisions like this one are particularly helpful to provide a clear and final statement of the agency’s position, which promotes transparency and certainty for all interested parties.