Former FCC Chairman Tom Wheeler recently penned an opinion piece for The New York Times arguing that, in the wake of the revelation that Facebook’s loose policies impacted the data privacy of millions of users, the answer is to follow Europe’s lead on privacy. Quite simply, Wheeler is wrong.
Wheeler notes that “The American government has done little to help us” on privacy protection. Indeed, and that was certainly true when he was chairman of the FCC. His 2015 rules moving regulation of broadband to Title II of the Telecommunications Act failed to address the actual problem he describes. In fact, his preferred rules were in place during the 2016 campaign when Cambridge Analytica attempted to sway voters using data from an estimated 87 million Facebook accounts – a fact Wheeler omits from his piece. But Wheeler’s rules, while targeting a handful of companies, imposed no requirements on Internet edge providers like Facebook.
Rather than demonstrating leadership by advocating broad Internet user privacy protections, applicable across the span of the Internet ecosystem, he chose a path of one-sided regulation. His rules targeted only one group of companies (Internet Service Providers), which collect far less customer data than Internet edge providers that have an advertising business model grounded on the preference profiles they assemble from data collected about their users.
Europe has chosen a highly intrusive regulatory regime in the General Data Protection Regulation (GDPR), which will go into effect in late May. If transposed into the American context, as Wheeler espouses, the practical effect would be to harm the advertising business model of Internet edge providers. It is that model which enables the bulk of Internet content to be free or priced at a very low cost within the reach of most Internet users.
The GDPR requires affirmative “opt in” consent before websites operating in Europe can collect data from their users. Unless website users take the affirmative step of clicking a box giving permission for the website operator to collect information about them, no information can be collected. Given human nature and the reality that most people would never bother to give affirmative consent for data collection, the preference profiles that enable targeted advertising could not be assembled and used. It’s really hard to see how this kind of regulation benefits consumers, because it inevitably would make Internet content less available and far more costly.
That’s why there is no need to follow Europe in the path of highly intrusive regulation but instead to enact comprehensive legislation here, adopting an approach that will give consumers meaningful information about and control over the information that is collected from them, while at the same time preserving the advertising model that keeps content either free or highly affordable.
Those goals can be achieved by adoption of legislation making explicit the Federal Trade Commission’s (FTC) authority to protect privacy. Such legislation could also incorporate open internet principles that apply no blocking or throttling of legitimate online content to all providers in the Internet ecosystem
Consumers would have the benefit of a consistent set of privacy rules applicable across the entire Internet ecosystem, including both ISPs and edge providers. They would receive a clear statement of what data is collected and how it is used, and would be provided an easy ability to opt out of making that data available to a particular company or app. Consumers who are particularly concerned about protecting their privacy would be given the convenient means of doing so.
The result will protect consumers’ privacy directly, without harming innovation or investment throughout the Internet ecosystem and treating all companies the same, so that consumers have one standard of what to expect for the protection of their privacy.
Americans invented the Internet. We are still the world’s leaders, as the very success of companies like Google, Facebook, Apple, and Amazon shows. Our network systems operators invest far more than their European counterparts in bringing ever-faster broadband to individuals and businesses.
Just as we have historically led global Internet development, the United States should also be a global privacy leader, adopting an approach that works for us and offers a model for the balance of the world. The best way forward is for Congress to pass a law enacting strong privacy protections that apply equally to everyone in the Internet ecosystem – network systems operators, edge providers and app companies – and applies no matter how one accesses the broadband Internet. Congress can pass that law this year – and avoid both special treatment for some companies while imposing severe requirements on others and the overly broad policy that Europe is about to impose.