Christin McMeley

[Commentary] The Federal Communications Commission recently released a Fact Sheet announcing FCC Chairman Tom Wheeler had circulated to his fellow Commissioners a proposed Order with new privacy rules for Internet service providers, along with some high-level details of his proposal. In the spirit of the election-year, five statements from the Fact Sheet and the Chairman’s blog are highlighted and evaluated below.

1) "These rules...are in harmony with other key privacy frameworks and principles -- including those outlined by the Federal Trade Commission and the Administration's Consumer Privacy Bill of Rights." -- False
2) "Your ISP has a broad view of all of your unencrypted online activity -- when you are online, the websites you visit, and the apps you use." -- False
3) "91 percent of American adults say consumers have lost control over how their personal information is collected and used by companies, according to Pew Research Center." -- Misleading
4) "There are currently no rules in place outlining how ISPs may use and share their customers' personal information." -- Misleading
5) "The Chairman' Proposed Rules 'do not regulate the privacy practices of websites or apps, like Twitter or Facebook, over which the FTC has authority." -- True

[Christin McMeley, CIPP-US, is the Chair of DWT's privacy and security practice.]

[Commentary] In a decision that could significantly impact the scope of the Federal Trade Commission’s consumer protection authority under Section 5 of the FTC Act, the US Court of Appeals for the Ninth Circuit ruled on August 29, 2016, that common carriers are entirely exempt from the FTC’s jurisdiction, even when engaged in “non-common carrier” activities. The court’s decision in FTC v. AT&T Mobility LLC reflects a major rebuke of the FTC’s prior interpretation of its authority under Section 5, under which the agency regulated the non-common carrier activities and services of companies otherwise classified as common carriers. Unless reversed or modified, the decision will result in a dismissal of the FTC’s current action alleging that AT&T’s inadequate notice to its customers regarding data “throttling” practices was an unfair practice under Section 5. The decision also raises a host of new questions regarding who falls within (or outside of) the FTC’s jurisdiction.

If this is the outcome, is there any federal agency (as opposed to the 50 states) with jurisdiction to enforce consumer protection issues? Could the Federal Communications Commission rely on other sections of the Communications Act to bring enforcement actions against Google? Stay tuned to the Privacy and Security Law Blog for answers to these questions as we provide updates on this decision, the FTC’s response, and the pending FCC proceeding.