The Federal Trade Commission (FTC) recently submitted comments to the Federal Communications Commission (FCC) in which it reminded broadband Internet service providers that they are subject to several data privacy and security laws enforced by the FTC. The FTC’s comments underscore why broadband providers – as well as their vendors and business partners – must keep a close watch on both FCC and FTC developments in the privacy and security space.
As part of its inquiry, the FCC sought comment on whether data privacy and security issues are relevant to consumer broadband adoption. It also asked whether broadband providers comply with their own voluntary pledges regarding data privacy and security, as well as what other data privacy and security obligations providers have.
In its comments, the FTC described several privacy and data security laws that it states apply to broadband service providers, including: Section 5 of the FTC act (which prohibits “deceptive” or “unfair” acts or practices), the Fair Credit Reporting Act (as service providers may provide information to credit bureaus or use credit reports or both), and the Children’s Online Privacy Protection Act (applicable to operators of websites aimed at children as well as general websites that collect personal information from children). The FTC also continued its practice of asserting Section 5 authority over the non-common carrier services provided by common carriers. Of note, the comments also seem to signal that compliance with the FCC’s proposed open Internet (net neutrality) transparency rule may not be sufficient to meet the FTC’s privacy and security expectations.
The FTC also discussed some of the policy and education initiatives that it has engaged in to promote data privacy and security. Policy initiatives included workshops, reports, and testimony before congress on privacy and data security. Regarding education, the FTC has distributed guides and developed websites spanning topics such as what consumers should do after a security breach, best security practices for businesses, and children’s safety online.
This originally was posted to the Hogan Lovells Focus on Regulation blog on October 6.