Regulatory Oversight and Privacy Policy for an Open Internet Ecosystem


Gigi Sohn

In my previous post, I highlighted four reasons why the U.S needs a unified policy framework for an open Internet ecosystem: 1) lack of competition/incentive and the ability to discriminate; 2) collection of and control over personal data; 3) lack of transparency; and 4) inadequacy of current laws and enforcement. Many of these problems can be addressed with targeted legislative and regulatory interventions. Others require more research and investigation before the right policy prescriptions can be developed.

The policy proposals I suggest can be placed in five categories: 1) regulatory oversight, 2) privacy, 3) competition, 4) access and affordability, and 5) transparency. I’ll address my recommendations for regulatory oversight and privacy below and the other three categories in subsequent posts.

Addressing Gaps in Regulatory Oversight

There can be no effective policy framework for an open Internet ecosystem if policymakers lack the legal tools to enforce that framework. Neither the Federal Communications Commission nor the Federal Trade Commission currently have adequate legal authority to promote an open Internet.

The FCC was created in 1934 as the expert agency overseeing access to communications networks, and it should remain the principal agency for carrying out this task. However, the limitations on the FTC’s authority should not prevent it from having concurrent, if not primary, oversight over broadband Internet access service (BIAS) providers. Indeed, after the Obama FCC classified BIAS providers as telecommunications services, technically removing them from FTC jurisdiction, the agencies pledged to work together to bring enforcement actions against BIAS providers for fraudulent billing and anti-consumer privacy practices. Broadband Internet access is critically important to our economy and society, and, as such, empowering multiple regulators is both prudent and necessary.

Similarly, Congress should strengthen the FTC’s authority to protect consumers from the unfair and anticompetitive activities of online platforms and should investigate whether the FTC alone is an adequate regulator. In 2014, online industries contributed six percent, or nearly $1 trillion, to the gross domestic product of the United States. Such a huge part of our economy may warrant its own regulatory agency.

To address the gaps in regulatory oversight, Congress should:

  • Restore and clarify the FCC’s authority to oversee the broadband market, either under Title II of the Communications Act of 1934 or a new title that codifies, at a minimum, the 2015 Open Internet Order.
  • Repeal the FTC’s “Common Carrier” exemption, which would allow the FTC to conduct oversight of BIAS providers regulated either under Title II or another title that treats providers as common carriers.
  • Give greater specificity and clarity as to the FTC’s powers, specifically that the powers go beyond mere deception.
  • Task one of the Congressional investigative services (e.g., Government Accountability Office (GAO) or Congressional Research Service (CRS)) with investigating and if warranted, making recommendations for the creation of either a special bureau at the FTC, a separate agency or quasi-judicial body  to oversee consumer, competition, and privacy aspects of online platforms.

Empower Consumers to Protect Their Privacy

The repeal of the FCC’s broadband privacy rules and the Facebook-Cambridge Analytica scandal shined a spotlight on the fact that U.S. citizens have little affirmative protection with respect to consumer privacy. Americans have made it clear that they want protection. A recent Pew survey found that ninety-one percent of Americans want the ability to control what data they give to online platforms, but they do not know how to exercise that control.

There has been a lot of recent discussion about what online privacy legislation might look like, including mimicking the General Data Protection Regulation (GDPR) recently adopted by the European Union. The GDPR is commendable for provisions such as creating strong consumer control over data collection and sharing, and the significant penalties for non-compliant companies. However, parts of it are over-regulatory and likely inconsistent with the First Amendment, such as the “Right to Be Forgotten,” which allows an individual to compel a company to remove certain data.

The FCC’s broadband privacy rules—which were quickly repealed by Congress in April 2017 and never took effect—are arguably a better model for giving consumers control over their data. Developed after a long public comment period and with significant input from privacy advocates, industry, and the FTC, the rules could be applied just as easily to online platforms.

Congress should codify the FCC’s broadband privacy rules and require, among other things, that both online platforms and BIAS providers:

  • Give consumers control over their data, unless it is necessary to providing service. For “sensitive information,” a customer must opt-in to the use and sharing of their data. For all other information, the consumer must be given clear, persistent, and easily-available notice of the opportunity to opt-out of the use and sharing of their data.
  • Take reasonable measures to protect customers’ data. Reasonableness is measured by a variety of factors, including industry practices.
  • Notify law enforcement and consumers of major data breaches in a timely fashion.
  • Prohibit requirements that users give up their privacy rights to obtain a service.

Depending on the industry, this law could be enforced by the FCC, the FTC, both, or a new agency created by Congress.


The majority of my policy recommendations for improving regulatory oversight and privacy practices for the major players in the Internet ecosystem include policies and rules that have worked, but for reasons of ideology have been repealed.  Policymakers need not recreate the wheel when addressing these critical issues.

This series:

The U.S. Needs a New Policy Framework for an Open Internet Ecosystem

Regulatory Oversight and Privacy Policy for an Open Internet Ecosystem

Competition Policy for an Open Internet Ecosystem

Access and Affordability Policy for an Open Internet Ecosystem


Gigi B. Sohn is a Distinguished Fellow, Georgetown Law Institute for Technology Law & Policy and Benton Senior Fellow and Public Advocate. She is one of the nation’s leading public advocates for open, affordable and democratic communications networks. For nearly thirty years, she has worked across the country to defend and preserve the fundamental competition and innovation policies that have made broadband Internet access more ubiquitous, competitive, affordable, open and protective of user privacy. 

By Gigi Sohn.