Comments of ICLE and Scholars of Law & Economics, In the Matter of Protecting the Privacy of Customers of Broadband and Other Telecommunications Services
The Commission’s NPRM would shoehorn the business models of a subset of new economy firms into a regime modelled on thirty-year-old CPNI rules designed to address fundamentally different concerns about a fundamentally different market. The Commission’s hurried and poorly supported NPRM demonstrates little understanding of the data markets it proposes to regulate and the position of ISPs within that market. And, what’s more, the resulting proposed rules diverge from analogous rules the Commission purports to emulate. Without mounting a convincing case for treating ISPs differently than the other data firms with which they do or could compete, the rules contemplate disparate regulatory treatment that would likely harm competition and innovation without evident corresponding benefit to consumers.
Concerns relating to online privacy have been extensively studied by regulators and others over the past two decades. By and large, regulators responded to these concerns with a combination of a general case-by-case approach alongside tailored rules derived from the relevant information involved in particular areas of privacy concern. Few, if any, regulators have adopted an “opt-in” privacy regime for non-sensitive data such as the FCC proposes. The FCC’s proposed regime may have been cutting-edge in the 1980s and 1990s — but it makes no sense in today’s information economy in which firms from different segments of the economy fluidly enter each other’s markets and effectively compete in a separate, cross- sector, informatics and advertising market. The proposed rules instead dig in the heels of the Commission against the irresistible tide of progress, attempting to maintain arbitrary industry firewalls between firms.
The “problem” the Commission attempts to fix with this proposed rulemaking is not one of preventing ISPs from using personal information to prevent new entrants from effectively competing with their incumbent businesses — which was, in fact, the genesis of the CPNI rules.1 Rather, these rules are designed to keep ISPs from competing with edge providers like Google, Facebook, and Netflix. But, in truth, both edge providers and ISPs actually need general rules of broad applicability. This is what the FTC and other regulators have largely done to date. Such broadly applicable rules are designed to be competitively neutral, and to offer the flexibility needed to address the various concerns that may come up in these markets while balancing legitimate economic and privacy interests and providing an adequate level of notice to those subject to regulation about their expected norms of conduct.
In short, the Commission has not made a convincing case that discrimination between ISPs and edge providers makes sense for the industry or for consumer welfare. The overwhelming body of evidence upon which other regulators have relied in addressing privacy concerns urges against a hard opt-in approach. That same evidence and analysis supports a consistent regulatory approach for all competitors, and nowhere advocates for a differential approach for ISPs when they are participating in the broader informatics and advertising markets. Absent the collection and analysis of substantial evidence — which at this point has not been articulated by the Commission or those advocating the Commission’s proposed approach, and which is far beyond the scope of the present NPRM — the proposed approach is not supportable.
And all of the foregoing is particularly perplexing in light of the fact that the Commission will inadvertently create more consumer harm than benefit. At the same time, the Commission has not shown that regulatory efficacy, administrative efficiency or anything else demands such rules. Particularly given TerraCom and the demonstrated ability of the Commission to handle harms as they arise even absent prescriptive rules, the need for these aggressive new rules simply cannot be justified.