Dec 142015

FTC & FCC Memorandum of Understanding on Consumer Protection

Alan Charles Raul and Vivek K. Mohan
, , ,

The Federal Trade Commission (FTC) and Federal Communications Commission (FCC) have been active in recent years in bringing consumer protection enforcement actions, with a particular focus on privacy and data security issues.  Recent regulatory action from the FCC associated with “net neutrality,” however, has blurred the line as to where each agency’s jurisdiction begins and ends, particularly for companies offering broadband Internet access service.  Recognizing this uncertainty, on November 16, 2015, the FTC and FCC announced that the agencies had signed a “Memorandum of Understanding on Consumer Protection.”  The MoU set out that the agencies will work together to “coordinate on agency initiatives where one agency’s action will have a significant effect on the other agency’s authority or programs.”

Background

In February 2015, the FCC adopted the “Open Internet Order,” which reclassified “broadband Internet access service” as a telecommunication service subject to “common carrier regulation” under Title II of the Communications Act of 1934.  In the Open Internet Order, the FCC made broadband Internet access service providers subject to certain key consumer protection provisions of Title II, including 47 U.S.C. § 201(requiring that “all…practices…shall be just and reasonable, and any such…practice that is unjust or unreasonable is declared to be unlawful”), and 47 U.S.C. § 222, which addresses the treatment of “customer proprietary network information” (CPNI).

While the FCC’s reclassification is currently being challenged before the D.C. Circuit, it has had the important effect of stripping the FTC of jurisdiction over entities that provide broadband Internet access service – at least in part.   The FTC’s so-called Section 5 authority proscribes “unfair or deceptive acts or practices in or affecting commerce” and provides the FTC with general jurisdiction over entities that participate in interstate commerce. 15 U.S.C. § 45(a).  However, the FTC’s Section 5 authority does not extend to “common carriers subject to the Acts to regulate commerce,” which includes the Communications Act. 15 U.S.C. §§ 44, 45(a)(2).

Takeaways

  • This is not the first time the FTC has been stripped of jurisdiction for consumer protection in certain sectors; indeed, the FTC-FCC MoU follows the FTC’s pattern of executing such agreements with successor agencies that are given a primary oversight role, such as the Consumer Financial Protection Bureau.  It is clear that the FCC will seek to leverage and build on the  FTC’s legacy of aggressive consumer protection enforcement over broadband Internet access service providers using its own authorities.  The MoU calls for general coordination between the agencies, and includes concrete steps such as allow the FCC to access and contribute to the FTC’s “Consumer Sentinel Network,” an online database of consumer complaints.
  • There is significant uncertainty as to how the FCC will exercise its newfound consumer protection authority over broadband Internet access providers.  Indeed, rulemaking implementing the CPNI statute has slipped the FCC’s own expressed timetable of “autumn” 2015.  In the meantime, the FCC has issued an enforcement advisory directing broadband Internet service providers to take “reasonable, good faith steps” to protect consumer privacy.
  • Jurisdictional uncertainty between the FTC and FCC remains.  While the FCC is clearly in the drivers’ seat when it comes to regulating the “common carrier” aspect of broadband Internet access service providers, recent court decisions may encourage the FTC to argue that it has not been fully divested of oversight power over entities that provide a common carrier service.  In March 2015, the Northern District of California denied AT&T’s motion to dismiss the FTC’s complaint regarding the alleged throttling of customer data plans for lack of jurisdiction over “common carriers.”  While this case interpreted the scope of the FTC’s authority prior to the Open Internet Order, AT&T was already regulated as a common carrier in connection with its provision of telecommunications (telephony) services.  The court held that the FTC’s Section 5 authority “can be applied to an entity that has the status of a common carrier so long as what is being regulated is the entity’s non-common carriage services.”  This line may be difficult to draw, as the FTC’s 2014 investigation into the security protocols used on Verizon routers illustrates.  The FTC would likely argue that routers are not properly considered to be part of the “broadband Internet access service.”
  • The MoU states the agencies’ joint view that “the FTC Act does not preclude the FTC from addressing non-common carrier activities engaged in by common carriers,” and that action by one agency or the other should not be taken to be a limitation on the authority available to the other.  The MoU goes on to state that to the extent that both the FCC and FTC have authority to address the same conduct, they will follow the processes in the MoU.  While these are not set forth in the MoU in great detail, it does call for the agencies to conduct joint enforcement activities and coordinate public statements.
Alan Charles Raul

Washington, D.C., New York

araul@sidley.com

Vivek K. Mohan

vmohan@sidley.com

You might also like
FCC Proposes Updated Data Breach Reporting Requirements, Comment Period Ongoing

On January 6, 2023, the Federal Communications Commission (the Commission) released a unanimously adopted Notice of Proposed Rulemaking, “In the Matter of Data Breach Reporting Requirements” (Proposed Rule).  The Commission sought comments through February 22, 2023 on the Proposed Rule which will update its current data breach reporting rule. Reply comments are due on or before March 24, 2023.

New FTC Guidance for Mobile Health Apps

Healthcare providers, health plans, and technology companies that use mobile health apps to access, collect, share, use, or maintain information related to an individual’s health should take note of the recently issued Federal Trade Commission (FTC) Mobile Health App Interactive Tool. The purpose of the tool is to help mobile health developers determine the federal regulatory, privacy, and security laws and regulations that may apply to the use of a consumer’s health information, such as information related to diagnosis, treatment, fitness, wellness, or addiction. While the tool should not be considered legal advice and cannot guarantee compliance with legal requirements, it can help healthcare providers, health plans, and technology companies issue-spot to manage risk in this heavily regulated space.

FINRA Issues 2023 Report on Its Examination and Risk Monitoring Program

On January 10, 2023, the Financial Industry Regulatory Authority (FINRA) published its 2023 Report on its Examination and Risk Monitoring Program (the Report).1 The 75-page Report includes four new topic areas for 2023: (1) manipulative trading, (2) fixed income — fair pricing, (3) fractional shares — reporting and order handling, and (4) Regulation SHO.