Congress Takes Sledgehammer to Broadband Privacy Rules Through Congressional Review Act

Today Senator Jeff Flake (R-Ariz.) introduced a resolution of disapproval under the Congressional Review Act (CRA) to repeal the broadband privacy rules enacted by the Federal Communications Commission last October. The rules protect consumer privacy by requiring ISPs to seek affirmative consent before using or disclosing their customers’ sensitive information, including web browsing and app usage history, for marketing purposes. The rules also require ISPs to provide clear and conspicuous notice of their privacy policies and to inform consumers of data breaches unless the ISP determines the breach is unlikely to cause its customers harm. Last week, the FCC voted 2-1 to stay the portion of the rule that required ISPs to implement reasonable data security measures to protect the data they collect about their customers.

The CRA was created in 1996 as a blunt tool for Congress to repeal rules enacted by agencies. Before this year, it had only been invoked successfully once. Further, a CRA prohibits agencies from enacting substantially similar rules to the rules that the CRA repeals without express Congressional authorization.

The following statement can be attributed to Eric Null, Policy Counsel at OTI.

“OTI has long advocated for strong broadband privacy protections and supports the rules adopted by the FCC last year. With a proposed CRA, Senator Flake has signaled a sledgehammer approach to fully repeal those rules. This measure would leave consumers without effective privacy protections and prevent the FCC from enacting meaningful privacy rules in the future. The CRA does not simply force the FCC to go back to the drawing board — it takes the drawing board away completely.”

The following statement can be attributed to Sarah Morris, Director of Open Internet Policy at OTI.