California legislation to ‘protect’ privacy won’t solve privacy problems

[Commentary] Despite its name, the California Broadband Internet Privacy Act, awaiting votes in the state Senate, won’t do anything meaningful to protect consumer privacy on line. Instead, it will curb innovation and reduce competition, hurting consumers whose interests it purports to protect.

The measure, AB 375 by Assemblyman Ed Chau (D-Monterey Park), is intended to crack down on internet service providers that are allegedly selling sensitive personal web browsing information without consumers’ consent. Its backers argue that it will fill a supposed “privacy gap” left when Congress repealed Federal Communications Commission draft rules adopted during Barack Obama’s administration. Here’s why they’re wrong. First, the proposal attacks a nonexistent problem. Internet service providers have committed that they will seek permission from consumers before using sensitive personal information, such as health and financial data. Customers will have to affirmatively “opt in” before any such transaction could take place. So no one’s personal data is being sold. Second, even if a problem exists, there are legal tools to combat it. In short, there is no legislative privacy gap. Third, the state bill is based on a flawed proposal by the FCC. Don’t take my word for it. Ask America’s top privacy cop, the FTC.

[Jon Leibowitz, a partner at Davis Polk & Wardwell, was Federal Trade Commission chair from 2009-2013. He is co-chair of the 21st Century Privacy Coalition, a trade group of broadband providers.]