Don’t reverse Internet privacy safeguards

A woman using wireless broadband launches an app on her tablet. (Photo: Daniel Krason, via Shutterstock)

California has a responsibility to get Internet policy right. The state’s ranking as the sixth largest economy understates its influence on the world’s innovation economy. One-third of global venture capital is invested in Silicon Valley, San Francisco, Los Angeles or San Diego.

California is the test bed, launch pad and sand box for thousands of apps and Internet services which, if successful, are launched on the world.

Indeed, 94% of consumers want a consistent set of privacy rules applicable to all Internet companies.

Right now, a bill is being rushed through the state Legislature using the highly suspect “gut and amend” process. It would reorganize the Internet app and data ecosystem – which has created hundreds of thousands of jobs – without a single public hearing.

At first glance, AB 375 seems reasonable. The author claims the bill is needed to restore President Obama era privacy protections repealed by President Trump. However, and this is a critical point, AB 375 does not “restore” President Obama’s longstanding privacy policy. It actually reverses that policy.

Under President Obama, and for the last 20 years, privacy has been aggressively enforced by the Federal Trade Commission. In short, service providers have greater flexibility to use data that are not sensitive– for example, an interest in sports or cars.  But when it comes to using sensitive health or financial data, companies must get consumers’ explicit approval before using the data for marketing purposes.

The policy protects privacy everywhere consumers go on the Internet. That means it applies to ISPs, web browsers, search engines, devices and ad networks, which is what consumers want.  Indeed, 94% of consumers want a consistent set of privacy rules applicable to all Internet companies.

At the very end of President Obama’s administration, the Federal Communications Commission tried to reverse that policy. It required Internet Service Providers – and only Internet Service Providers – to get “click yes” affirmative approval for an overly broad amount of information. It’s these rules that AB 375 tries to emulate, and AB 375 goes even further.

Leading experts were opposed. The Democratically-controlled Federal Trade Commission raised dozens of objections. Former Rep. Henry Waxman, D-Los Angeles, a noted consumer advocate, said the FCC’s “sweeping default opt-in regime” would “undermine beneficial uses of data” and “could result in tangible consumer harm.” Another critical point: the FCC’s rules were never implemented and the underlying statute requiring ISPs to protect customer data is still in effect.

By legislating to such a broad swath of non-sensitive data, the bill opens the door to consumers needing to deal with a stream of “click yes” requests for routine Internet services. More important, as experts know, when faced with a stream of trivial requests, consumers pay less attention to real threats and important notices, which is a real risk to privacy and cybersecurity.

The bill runs counter to how the Internet has always operated, with seamless flow of data among various providers. If consumers are required to opt in to Internet providers, it would disrupt how others in the ecosystem make use of that information and could impact products and services across the Internet ecosystem.

Whatever you think of the FTC’s approach  versus the FCC’s , the idea that we must rush to set aside a 20-year policy in effect today and replace it with one that’s completely untested is nonsensical. Internet policy is far too important to get wrong. And the people whose jobs are on the line deserve to be heard.

Ed’s Note: Nancy Libin is co-chair of the Privacy and Information Governance Practice at Jenner & Block LLP and the former chief privacy officer at the U.S. Department of Justice.

  • Tracyrose

    How can you possibly refer to my Internet search data i.e. every website I visit and every search term I put into a search engine as “non-sensitive”? If I had that information about you, Nancy, I would know an awful lot about you. The Internet has changed from 20 years ago. It now contains a complete and comprehensive archive of our lives, not just our interests in cars. It includes our associations, political beliefs, financial and health data and secret worries and concerns. Americans (and Californians) overwhelmingly want the right to consent prior to the monetization of their data currency by their Internet Service Provider. That is why the FCC’s regulations in 2016 had vast public support, including over 2/3 of Republican voters as well as 4/5 of Democrats. AB 375 restores what the Trump Administration took away from us. The right to consent. It needs to be voted on and approved. Right now.

  • chesterj1

    Californians confront an out of control, Big Data-driven, apparatus operated by their phone and cable ISPs. There are no safeguards protecting privacy, something that Ms. Libin should admit. The only federal privacy law protects children. Once you turn 13, you have no protections (my group got that law passed in 1998). Ms. Libin and the companies she represents are afraid of allowing a California consumer to make their own decisions about whether their ISP (who gets paid each month) can also take their personal information and make it available to advertisers and marketers. Calif ISPs, like AT&T, Verizon and Comcast, are building powerful systems of surveillance. This proposed bill is a basic safeguard needed for today’s mobile phone and digital age.

Support for Capitol Weekly is Provided by: