The anticipated death of the FCC's privacy order raises important questions about how much control users expect over their personal data.
According to some industry experts, the unvarnished answer is: not much.
"The idea that we can ever really have privacy on the internet I think is just not going to happen," Richard Bennett, a consultant with 30 years of experience in network engineering, said in an interview. Bennett is also a visiting fellow in conservative think tank American Enterprise Institute (AEI) Center for Internet, Communications, and Technology Policy, where he specializes in public policies affecting networks, network regulation, and innovation.
Bennett noted the very genesis of the internet was rooted in sharing information.
"It's about having an idea, having a viewpoint, having an article or a story you want to share, and you put it on the internet to share it. The whole purpose of it is sharing," Bennett said, adding that he sees enormous public benefits from the pooling and analysis of anonymous personal data. As examples, he pointed to tracking the spread of infectious diseases and optimizing traffic routes.
"The hallmark of the information age and all the benefits we get from it depends on firms and researchers having access to information and being able to develop knowledge from it," Bennett said, noting that restrictive privacy regulations are not necessarily in the public interest.
Both the House and Senate have voted to overturn the FCC privacy order through the Congressional Review Act, which allows Congress to void regulations passed within the last 60 legislative days through a joint resolution and presidential approval. The White House has signaled it supports repeal of the FCC privacy order, meaning that its death is all but assured.
If the FCC privacy order is overturned, FTC would regain its oversight of broadband privacy. While the FCC's privacy order, which was adopted in October 2016 and applied to broadband service providers, stressed consumer choice, the FTC's privacy regime emphasizes consumer expectation.
As acting FTC Chairman Maureen Ohlhausen explained in a 2016 speech, the FTC protects consumer privacy primarily by stopping deceptive and unfair acts or practices. "We bring cases when a company makes privacy promises to consumers that materially affect consumers' actions, but the company does not keep those promises," Ohlhausen said, explaining that this case-by-case approach encourages the marketplace to develop privacy solutions that match widely varying consumer privacy preferences.
By contrast, the FCC order required broadband service providers to obtain customer consent before collecting or sharing data deemed sensitive by the agency, including web browsing and app usage history.
While Bennett believes most consumers have moved into a post-privacy world, others are not so sure. "People see their privacy being eroded," Free Press Action Fund President and CEO Craig Aaron said in an interview, pointing to the recent joint resolution from Congress and public reaction to it. "I think what we saw this week was an effort to sort sneak through a real loosening of privacy protections and a pretty angry response."
According to Aaron, tens of thousands of voters called their lawmakers to complain about the vote. "Twenty-thousand people calling about an FCC privacy regulation — that doesn't happen every day except when you're doing something really wrong," he said.
Robert Cattanach, a partner at the international law firm Dorsey & Whitney, is of two minds on the matter. "If someone said, 'Do you want to give up your privacy?' We'd say, 'No, I don't want to do that.' But at the same time, we ignore the reality of what happens," Cattanach said in an interview.
He noted that with overly long privacy notices and user agreements, consumers may have to accept that traditional "notice" and "consent" have lost meaning in today's digital world. "Is there anything more meaningless than clicking 'I accept?'" he mused.
Cattanach believes most people know this. "We've just become inured to the consequences because we realize it's the cost of accessing the site. To get there you have to say I accept and we do. That's the general background of the cyber world in which we live but then you ask, 'Do you really want people selling your information?' And no, we don't like that. So I think there's an awareness disconnect," he said.
Aaron agrees that privacy notices are often ignored, but he believes that is a reason why greater privacy protections are needed. "The lawyers of these companies are putting up these huge complicated documents and the only chance you have to weigh in is two seconds before you are trying to do something online. That doesn't seem like a reasonable way to present this information," Aaron said.
He also worries that people may not realize how much information can be gleaned from their web browsing history. "You can see your medical information, your financial information, your sexual orientation, your political and religious affiliation. The personal information that for a lot of people is meant to be kept private suddenly is out there in the world being sold by this company you were paying to just bring you some YouTube videos," he said.
But for Bennett, he believes consumers ultimately do not care if a company like Google or Comcast Corp. uses their information in a nonidentifiable way to deliver more relevant advertising.
"The only thing Google wants to do with my personal information is use it to put appropriate ads in front of me, and I would actually prefer that to happen. I get too many ads for things I wouldn't buy on a bet," he said. Bennett believes consumers are more concerned about the security of their information. As such, he believes regulations should not protect against companies collecting data, but rather should protect against unauthorized access of that data by bad actors.