Congress Takes Sledgehammer to Broadband Privacy Rules Through Congressional Review Act

Today Senator Jeff Flake (R-Ariz.) introduced a resolution of disapproval under the Congressional Review Act (CRA) to repeal the broadband privacy rules enacted by the Federal Communications Commission last October. The rules protect consumer privacy by requiring ISPs to seek affirmative consent before using or disclosing their customers’ sensitive information, including web browsing and app usage history, for marketing purposes. The rules also require ISPs to provide clear and conspicuous notice of their privacy policies and to inform consumers of data breaches unless the ISP determines the breach is unlikely to cause its customers harm. Last week, the FCC voted 2-1 to stay the portion of the rule that required ISPs to implement reasonable data security measures to protect the data they collect about their customers.

The CRA was created in 1996 as a blunt tool for Congress to repeal rules enacted by agencies. Before this year, it had only been invoked successfully once. Further, a CRA prohibits agencies from enacting substantially similar rules to the rules that the CRA repeals without express Congressional authorization.

The following statement can be attributed to Eric Null, Policy Counsel at OTI.

“OTI has long advocated for strong broadband privacy protections and supports the rules adopted by the FCC last year. With a proposed CRA, Senator Flake has signaled a sledgehammer approach to fully repeal those rules. This measure would leave consumers without effective privacy protections and prevent the FCC from enacting meaningful privacy rules in the future. The CRA does not simply force the FCC to go back to the drawing board — it takes the drawing board away completely.”

The following statement can be attributed to Sarah Morris, Director of Open Internet Policy at OTI.

“The FCC spent months considering the expansive docket of filings to determine how to carefully apply its statutory privacy mandate to broadband service providers, and ultimately enacted strong rules that put consumer choice and data security front and center. Any modification of those rules should be subject to the same deep analysis and thoughtful consideration. A CRA, implemented by Congress, is a purely political maneuver designed to tie the hands of the Commission from future privacy regulations, and one that leaves a gaping hole where neither the FCC nor the FTC can effectively protect the American people from harmful privacy intrusions. With so many critical issues on its plate, the last thing Congress should be doing is obliterating strong, pro-consumer protections for broadband consumers.”