The Federal Communications Commission’s Media Relations Office has released a statement announcing Chairman Pai’s intention to stay a data security rule adopted by the Commission late last year in its Broadband Privacy Order. Absent a stay, the rule is set to go into effect on March 2.
The Federal Communication Commission’s long-awaited – and much debated – privacy rules for Internet Service Providers have now been adopted. The agency approved the rules by a 3-2 vote along political party lines last Thursday. Several of the FCC requirements are particularly notable for being more restrictive than the Federal Trade Commission’s standards for consumer online privacy. In this post we provide an overview of some of the new FCC rules and highlight key areas where the FCC’s requirements diverge from the FTC’s framework.
Please join us for our November 2016 Privacy and Cybersecurity Events.
On Thursday, Federal Communications Commission Chairman Tom Wheeler circulated a highly anticipated broadband data privacy and security Notice of Proposed Rulemaking to the other Commissioners, slating the proposals for a full Commission vote at the agency’s March 31 Open Meeting. The rules would apply to internet service providers, but organizations throughout the online data ecosystem will want to pay close attention to this rulemaking and be prepared to comment on the FCC’s proposals.
On January 31, 2016, the Silicon Flatirons Center for Law, Technology, and Entrepreneurship at the University of Colorado hosted its annual Digital Broadband Migration Symposium. The theme of this year’s conference was “The Evolving Industry Structure of the Digital Broadband Landscape.” The two-day conference brought together an array of leaders from government, academia, and industry to examine the role of regulatory oversight, antitrust law, and intellectual property policy in regulating industry structure and to discuss what policy reforms may be appropriate for the constantly changing digital broadband environment. As outlined below, a recurring topic throughout this year’s conference was the relationship between privacy, security, and the evolving digital landscape.
On November 5, 2015, the Federal Communications Commission Enforcement Bureau announced a $595,000 settlement agreement with Cox Communications, Inc. to resolve an investigation into whether the company failed to properly protect its customers’ personal information when electronic data systems were breached in August 2014. According to the FCC, Cox exposed the personal information of numerous customers and failed to report the breaches through the Commission’s established breach-reporting portal.
FCC Chairman Wheeler has announced that he is circulating a proposal to address more than twenty pending petitions seeking clarity regarding the scope requirements under the U.S. Telephone Consumer Protection Act. He authored a blog post on the proposal and also released a fact sheet
The U.S. Federal Communications Commission’s Public Safety and Homeland Security Bureau has requested public input on a recent report on Cybersecurity Risk Management and Best Practices by the Communications Security, Reliability and Interoperability Council for communications providers. The Report represents the latest example of the U.S. government’s continued attention to these issues following the President’s 2013 Executive Order on Improving Critical Infrastructure Cybersecurity. Comments are due May 29, with replies due June 26.
Last week, U.S. District Court Judge Edward M. Chen denied AT&T Mobility’s motion to dismiss the Federal Trade Commission’s (FTC’s) October 2014 complaint alleging that AT&T engaged in unfair and deceptive practices in connection with its retail mobile broadband data services. AT&T argued that its status as a common carrier makes it exempt from enforcement of the FTC Act. The court disagreed. At issue is the scope of the common carrier exemption.
In its recent Open Internet Order, the U.S. Federal Communications Commission determined that broadband Internet access services are appropriately classified as common carrier “telecommunications services” under the Telecommunications Act of 1996. In doing so, the agency established itself as the primary U.S. data privacy and security regulator for those services and triggered additional requirements under the Act. It also promised a future rulemaking that could result in a sea change in how ISPs and their business partners interact with consumer data. Although the decision is widely expected to be appealed in court, organizations operating across the broadband ecosystem would be prudent to assess the potential impact on their current and planned online service portfolio.
The Federal Communications Commission recently issued a Notice of Apparent Liability for Forfeiture proposing a $10 million penalty against TerraCom, Inc. and YourTel America, Inc. (collectively, the “companies”) for allegedly violating laws protecting consumers’ personal information. Specifically, the FCC alleged that the companies placed the personal data of up to 300,000 consumers at risk by storing Social Security numbers, names, addresses, driver’s licenses, and other proprietary information on unprotected Internet servers that “anyone in the world could access.” The decision is the FCC’s first case involving data security. It is also informative as to the FCC’s current and evolving expectations with regard to carriers’ duties to protect sensitive consumer information, and it underscores the need for organizations in the communications sector to keep a close eye on both FCC and Federal Trade Commission data privacy and security enforcement activity.
The Federal Trade Commission recently submitted comments to the Federal Communications Commission in which it reminded broadband Internet service providers that they are subject to several data privacy and security laws enforced by the FTC. The FTC’s comments underscore why broadband providers – as well as their vendors and business partners – must keep a close watch on both FCC and FTC developments in the privacy and security space.
A Telephone Consumer Protection Act (TCPA) case decided by the U.S. Court of Appeals for the D.C. Circuit has direct implications for all organizations that employ third-party providers to conduct their outbound calling and text messaging campaigns. It could also impact the extent to which courts will defer to the FCC’s guidance regarding the TCPA. In addition, on February 6, members of Hogan Lovells’ TCPA Practice will host a special webinar on recent TCPA developments and key compliance challenges for 2014.
On February 6, 2014, members of Hogan Lovells’ Telephone Consumer Privacy Act Practice will host a webinar on recent TCPA developments and key compliance challenges for 2014. Among the topics that will be covered are how the Federal Communications Commission will apply the new “prior express written consent” requirements; what constitutes an “automatic telephone dialing system”; and whether and how the TCPA applies to mobile offerings and other new technologies and services.
On October 11, 2012, the U.S. Government Accountability Office (GAO) issued a report titled “Mobile Device Location Data: Additional Federal Actions Could Help Protect Consumer Privacy.” Requested by Sen. Al Franken (D-MN), the Report recognizes the efforts of Federal agencies to protect consumer privacy when using mobile devices but calls for additional action
Comments filed recently with the Federal Communications Commission (FCC) show a deep divide over whether the agency should pursue further action to address privacy and security of information stored on mobile devices. Reply comments are due soon.
The Federal Communications Commission has proposed a $2.96 million forfeiture against Travel Club Marketing, Inc. for apparent violations of the Telephone Consumer Protection Act (TCPA) and related FCC rules regarding the delivery of prerecorded messages, as well as its Caller ID rules. This enforcement action serves as a reminder to companies placing autodialed calls or delivering prerecorded messages to ensure that such calls and messages comply with federal and state laws. Otherwise, they risk not only class action litigation, but also potential regulatory enforcement fines that are imposed on a per-call basis.
The U.S. Supreme Court today in FCC v. AT&T, Inc., reversed the U.S. Court of Appeals for the Third Circuit, holding that “personal privacy” under the Freedom of Information Act (“FOIA”) does not extend to corporations even though they are defined as “persons” under the statute. Chief Justice Roberts, writing for the Court, expressed his “trust […]
The Federal Communications Commission (FCC) issued a Public Notice seeking comment on a Petition for Expedited Clarification and Declaratory Ruling (Petition) filed by Global Tel*Link Corporation (Global Tel) regarding its outbound calling practices. The Petition raises several key issues under the Telephone Consumer Protection Act (TCPA) and related FCC rules, including whether certain calls (e.g., […]
The FCC’s National Broadband Plan signals that the Commission will take an expanded role in privacy-related consumer protection issues. This blog entry details the privacy-related aspects of the Plan.
The Federal Communications Commission released a Public Notice this week seeking further comment on numerous privacy issues as part of its National Broadband Plan proceeding. Based on questions raised in a recent Center for Democracy & Technology filing, some of the broad issues that the Notice seeks comment on include: Consumer expectations of privacy, and how to […]