Internet Privacy Back on the Agenda

On April 3,  President Trump signed legislation repealing the Federal Communications Commission privacy rules.  During their spring recess, Republican members of Congress received an earful from angry consumers.

One month later, Rep. Marsha Blackburn (R-TN), who introduced the repeal resolution in the House, introduced H.R. 2520 the “Balancing the Rights of Web Surfers Equally and Responsibly Act of 2017’’ or the ‘‘BROWSER Act of 2017’’.  The bill requires broadband providers to disclose their privacy practices and establishes opt-in approval for the use of sensitive information, which includes:

  • financial information,
  • health information,
  • about children under 13,
  • Social Security numbers,
  • precise geo-location information,
  • content of communications,
  • web browsing history, or
  • history of usage of a software program or mobile application.

The bill also places privacy regulation squarely within the Federal Trade Commission.  No action has been taken on the bill.

The repeal effort has led a number of states to step into the fray.  Most notable is the California Broadband Internet Privacy Act (AB-375) introduced by Assemblyman  Ed Chau which establishes an opt-in protocol for ISPs and requires ISPs to implement reasonable security practices.  Opt-in would be required for:

  • Name and billing information;
  • Government-issued identifiers, including social security number;
  • Information that would permit the physical or online contacting of an individual, such as physical address, email address, phone number, or IP address;
  • Demographic information, such as date of birth, age, gender, race, ethnicity, nationality, religion, or sexual orientation;
  • Financial information;
  • Health information:
  • Information pertaining to minors;
  • Geolocation information;
  • Information from the use of the service, such as Web browsing history, application usage history, content of communications, and origin and destination Internet Protocol (IP) addresses of all traffic;
  • Device identifiers, such as media access control (MAC) address or Internet mobile equipment identity (IMEI); and
  • Information concerning a customer or user of the customer’s subscription that is collected or made available and is maintained in personally identifiable form.

While the bill has been endorsed by the San Diego Union-Tribune, the San Francisco Chronicle , and the San Jose Mercury News, it is being opposed by the ISPs, TechNet and the California Chamber of Commerce.  In addition, the bill has been referred to three separate Senate committee who must approve the legislation by July 21 or it will die until next year.