House Communications Subcommittee Hears Testimony on “Modernizing” Privacy Protections

Customer Proprietary Network Information is protected by Section 222 of the Communications Act of 1934, as amended by the Telecommunications Act of 1996, 47 U.S.C. § 222, and is defined as information about “the quantity, technical configuration, type, destination, and amount of use of a telecommunications service.” This hearing was devoted to the question whether Section 222 remains adequate to protect user information derived from new services and applications that have entered the market since the 1996 Act.

Testifying at the hearing were The Honorable Robert McDowell, former FCC Commissioner, Mr. Hance Haney, Director and Senior Fellow of the Technology and Democracy Project, and Ms. Laura Moy, Deputy Director of the Georgetown Law Center on Privacy and Technology. Mr. Haney advocated for “a uniform privacy framework administered by a single agency for sake of consistency,” and specifically for the continued application of the privacy protections enforced by the Federal Trade Commission – and not the FCC – on the ground that previous iterations of FCC privacy rules had anticompetitive effects that amounted to “crony capitalism … picking winners and losers in the marketplace.” Note that the FTC’s enforcement authority comes not from Section 222, which regulates common carrier telecommunications, but rather from Section 5 of the Federal Trade Commission Act, 15 U.S.C. § 45.

Commr. McDowell, emphasizing that he testified purely in his own capacity, also noted the “regulatory asymmetry” in the way CPNI protection is applied to the various communications services in the market. But, Commr. McDowell asserted, “only Congress has the authority to modernize and harmonize privacy and consumer protection laws,” such that the FCC lacks authority to impose privacy protections on much of today’s communications services – anything introduced after Section 222 was enacted.

Ms. Loy’s testimony focused on the consumer’s perspective, opening with the observation that “consumers feel that they have lost control of their private information.” Ms. Loy stated that Section 222 “might be the strongest consumer privacy law we have on the books,” but that Congress should “give Americans the privacy protections they deserve” by adding “protections that are forward-looking and flexible.” She proposed that the FTC be given express authority to adopt privacy rules – rather than merely enforcing them – in the way that Section 222 has authorized the FCC to do. And, in fact, a bill was introduced in both the House and the Senate during the 2017-18 term, titled the “MY DATA Act of 2017,” which would have authorized the FTC, “after consulting with” the FCC, to adopt federal rules protecting information gathered by providers of Internet broadband service and Internet content. H.R. 2356 is available here and S. 964 is available here.

The Subcommittee, led by Chairperson Marsha Blackburn (R-TN) and Ranking Member Michael Doyle (D-PA), probed the panel’s recommendations with over an hour of questions regarding geolocation data, possible privacy breaches, and federal agency responses. Rep. Blackburn highlighted the bill she introduced in last term, H.R. 2520, called the “BROWSER Act of 2017,” which would authorize the FTC to enforce privacy protections on broadband Internet access service, several types of websites, and many mobile applications. Rep. Anna Eshoo (D-CA) stated that the BROWSER Act did not go far enough, because it did not include rulemaking authority for the FTC nor any civil enforcement provisions.

You can access the Subcommittee’s webpage for the hearing, which contains the witnesses’ pre-submitted written testimony, here.