California has a responsibility to get Internet policy right. The state’s ranking as the sixth largest economy understates its influence on the world’s innovation economy. One-third of global venture capital is invested in Silicon Valley, San Francisco, Los Angeles or San Diego.
California is the test bed, launch pad and sand box for thousands of apps and Internet services which, if successful, are launched on the world.
Indeed, 94% of consumers want a consistent set of privacy rules applicable to all Internet companies.
Right now, a bill is being rushed through the state Legislature using the highly suspect “gut and amend” process. It would reorganize the Internet app and data ecosystem – which has created hundreds of thousands of jobs – without a single public hearing.
Under President Obama, and for the last 20 years, privacy has been aggressively enforced by the Federal Trade Commission. In short, service providers have greater flexibility to use data that are not sensitive– for example, an interest in sports or cars. But when it comes to using sensitive health or financial data, companies must get consumers’ explicit approval before using the data for marketing purposes.
The policy protects privacy everywhere consumers go on the Internet. That means it applies to ISPs, web browsers, search engines, devices and ad networks, which is what consumers want. Indeed, 94% of consumers want a consistent set of privacy rules applicable to all Internet companies.
At the very end of President Obama’s administration, the Federal Communications Commission tried to reverse that policy. It required Internet Service Providers – and only Internet Service Providers – to get “click yes” affirmative approval for an overly broad amount of information. It’s these rules that AB 375 tries to emulate, and AB 375 goes even further.
Leading experts were opposed. The Democratically-controlled Federal Trade Commission raised dozens of objections. Former Rep. Henry Waxman, D-Los Angeles, a noted consumer advocate, said the FCC’s “sweeping default opt-in regime” would “undermine beneficial uses of data” and “could result in tangible consumer harm.” Another critical point: the FCC’s rules were never implemented and the underlying statute requiring ISPs to protect customer data is still in effect.
By legislating to such a broad swath of non-sensitive data, the bill opens the door to consumers needing to deal with a stream of “click yes” requests for routine Internet services. More important, as experts know, when faced with a stream of trivial requests, consumers pay less attention to real threats and important notices, which is a real risk to privacy and cybersecurity.
The bill runs counter to how the Internet has always operated, with seamless flow of data among various providers. If consumers are required to opt in to Internet providers, it would disrupt how others in the ecosystem make use of that information and could impact products and services across the Internet ecosystem.
Whatever you think of the FTC’s approach versus the FCC’s , the idea that we must rush to set aside a 20-year policy in effect today and replace it with one that’s completely untested is nonsensical. Internet policy is far too important to get wrong. And the people whose jobs are on the line deserve to be heard.
Ed’s Note: Nancy Libin is co-chair of the Privacy and Information Governance Practice at Jenner & Block LLP and the former chief privacy officer at the U.S. Department of Justice.