Net Neutrality is No More

Internet users have been suddenly stripped of an important source of privacy protection.  On March 1, 2017, the Federal Trade Commission (FTC) and Federal Communications Commission (FCC) abruptly suspended the net neutrality rules that had been scheduled to go into effect on March 2nd.

Internet users in the United States have long been protected by privacy frameworks such as the Consumer Privacy Bill of Rights and by government agencies such as the FTC. These privacy protections were vastly enhanced on October 27, 2016 when the FCC adopted rules that empowered users to decide how their personal data is used and shared by broadband Internet providers (ISP’s) such as Verizon and ATT. These rules, commonly known as “net neutrality”, require ISP’s to obtain the express consent from customers before sharing or using their personal information. Before net neutrality, ISP’s were immune from consumer privacy laws because they are regulated as public utilities like the electric company rather than providers of consumer services.

In adopting net neutrality, the FCC stated that “privacy rights are fundamental because they protect important personal interests—freedom from identity theft, financial loss, or other economic harms, as well as concerns that intimate, personal details could become the grist for the mills of public embarrassment or harassment or the basis for opaque, but harmful judgments, including discrimination.”

ISPs serve as a consumer’s “on-ramp” to the Internet. Providers have the ability to see a tremendous amount of their customers’ personal information that passes over that Internet connection, including their browsing habits, beliefs, preferences and likely future activities. The FCC determined that consumers deserve the right to decide how that information is used and shared — and to protect their privacy and their children’s privacy online.”

ISP’s have access to all sorts of personal information, including your geolocation, your children’s information, health information,  financial data, Social Security number, your Internet browsing history, app usage history, financial status, familial status, race, religion, political leanings, age,  location and most significantly, the content of your communications. Under the October 2016 net neutrality rules, ISPs became required to obtain affirmative ‘opt-in’ consent from consumers before using or sharing sensitive information. The FCC required ISP’s to provide transparency to their customers with “clear, conspicuous and persistent notice” about the information they are collecting, how and when they share the information, and the types of advertisers and others with which the ISP shares these kinds of information. In addition, ISP’s became subject to the same government privacy requirements that the FTC imposes on search engines such as Google, social media such as Facebook, and other edge providers.

Needless to say, neither the ISP’s nor their advertisers were happy with the new regulatory scheme. On March 1, 2017, the new Administration’s FCC Chair delayed the implementation of the regulations.  In announcing the decision, the FCC stated that “After all, Americans care about the overall privacy of their information when they use the Internet, and they shouldn’t have to be lawyers or engineers to figure out if their information is protected differently depending on which part of the Internet holds it.” It may be worth noting that the FCC Chair was formerly Associate General Counsel at Verizon Communications Inc.

In the absence of protection, ISP’s can once again sell your personal information for advertising purposes without asking for your permission or letting you know about it.