• FCC National Broadband Plan: Privacy Recommendations
  • March 30, 2010 | Authors: Ronald W. Del Sesto; Jon Frankel; Andrew D. Lipman; Catherine Wang
  • Law Firm: Bingham McCutchen LLP - Washington Office
  • On March 16, 2010, after a 13-month study, the Federal Communications Commission released to the public and Congress "Connecting America: The National Broadband Plan," containing its policy recommendations for achieving national goals identified by Congress in 2009 legislation, including ensuring that every American has "access to broadband capability."

    Among a host of policy recommendations in various areas, the National Broadband Plan includes a number of recommendations focused on online end-user privacy. The Plan first acknowledges the growth in the applications and content available over broadband networks, and that the collection, aggregation and analysis of personal information are common threads among, and enablers of, many application-related innovations.  While data collection has enabled businesses to provide increasingly valuable services to end-users, the Plan also recognizes that many users are increasingly concerned about their lack of control over sensitive personal data, and hypothesizes that innovation will suffer if a lack of trust exists between users and the entities with which they interact over the Internet. In that regard, the Plan recommends a number of policies to better reflect consumers’ desire to protect sensitive data and to control dissemination and use of what has become essentially their “digital identity.” 

    While not addressing the details of how the legal landscape should be reformed, the Plan concludes that revising the current Privacy Act to give consumers more control over their personal data and more confidence in the security of their personal data can improve the broadband ecosystem. “Updating the Act for the 21st century reality of digital interaction and seamless content sharing could drive more Americans online, increase their utilization of the Internet and help American businesses and organizations develop deeper and more trusted relationships with their customers and clients.”

    Privacy and Anonymity

    The Plan suggests several policy recommendations aimed at clarifying the existing patchwork of potentially confusing privacy regulations:

    • Congress, the Federal Trade Commission (FTC ) and the FCC should consider clarifying the relationship between users and their online profiles. In particular, several questions need to be addressed:

      • What obligations do firms that collect, analyze or monetize personal data or create digital profiles of individuals have to consumers in terms of data sharing, collection, storage, safeguarding and accountability?

      • What, if any, new obligations should firms have to transparently disclose their use of, access to and retention of personal data?

      • How can informed consent principles be applied to personal data usage and disclosures?

    • Congress should consider helping spur development of trusted “identity providers” to assist consumers in managing their data in a manner that maximizes the privacy and security of the information. Standard safe harbor provisions could allow companies to be acknowledged as trusted intermediaries that properly safeguard information, following appropriately strict guidelines and audits on data protection and privacy. Congress should also consider creating a regime that provides insurance to these trusted intermediaries.
    • The FCC and FTC should jointly develop principles to require that customers provide informed consent before broadband service providers share certain types of information with third parties. This information should include customers’ account and usage information such as patterns of Internet access use and other personally identifiable information. This should not limit the ability of the provider to render reasonable service. Consent to allow sharing of personal information should not be a prerequisite to receiving service.

    Identity Theft and Fraud

    The Plan states that with increases in electronic communications and online commerce, and the aggregation of information in databases, identity theft has become a growing concern. Consumer risks like fraud and identity theft create a disincentive for individuals to engage in online transactions, increase the costs of doing business online and create law enforcement challenges. As such, it offers several recommendations largely aimed at strengthening existing federal programs:

    • The federal government, led by the FTC, should put additional resources into combating identity theft and fraud and help consumers access and utilize those resources, including bolstering existing solutions such as OnGuard Online to ensure:

      • it is easily accessible to consumers and provides them with information on  risks, solutions and who they can contact for further action.

      • Federal agencies should connect their existing online websites to OnGuard Online and direct consumers to its resources.

      • The FTC should maintain and publicize a database of agencies responsible for identity theft and fraud information, with clear information and directions available to consumers.

      • The federal government should continue educational efforts that clarify for consumers and businesses that personal information should only be collected when necessary and that entities should take reasonable measures to protect information from unauthorized access.

      • All agencies should encourage broadband service providers to link to OnGuard Online to direct potential victims of identity theft or fraud to necessary resources.

    Consumer Online Security

    While the Plan recognizes that a number of various providers have an incentive to protect consumer online security, it finds that there remains a critical need for more consumer education on what threats they face, how to protect their connections and where to turn in case of emergency:

    • FCC consumer online security efforts should support broader national online security policy, and should be coordinated with the Department of Homeland Security (DHS), the FTC , the White House Cyber Office and other agencies.

    • Federal agencies should connect their existing websites to OnGuard Online to provide clear consumer online security information and direction.

    Child Protection

    There is a growing consensus that children need to be taught the critical skills necessary to succeed in an online environment. The Plan recommends strengthened federal oversight on this issue:

    • The federal government should create an interagency working group to coordinate child online safety and literacy work, facilitate information sharing, ensure consistent messaging and outreach and evaluate the effectiveness of governmental efforts. The working group should consider launching a national education and outreach campaign involving governments, schools and caregivers.

    Digital Goods and Services Taxation

    The Plan recognizing that state and local governments pursue varying approaches to raising tax revenues, and that such a patchwork hinders new investment and business models. As such, the Commission proposes the investigation into a national framework for digital goods and services taxation to help reduce uncertainty and remove one barrier to online entrepreneurship and investment:

    • The federal government should investigate establishing a national framework for digital goods and services taxation.