As one of the epicenters of the Information Age and largest state in the Nation, California’s regulatory decisions can have an outsize impact on the data economy. Recently, the State has tried to use this pride of place to stamp its imprint on two important public debates. First, on September 30, 2018, Governor Brown signed into law the California Internet Consumer Protection and Net Neutrality Act of 2018 (Senate Bill 822), which seeks to impose, as a matter of state law, net neutrality regulation even more restrictive than the federal regime the Federal Communications Commission (FCC) repealed earlier this year. Second, earlier this year, California enacted (and then subsequently amended) the California Consumer Privacy of 2018, the broadest privacy law in the United States. As laid out below, these enactments have sparked legal and policy debates over whether California should be able to set rules that could become de facto national standards or whether federal rules do or should preempt California’s efforts. (more…)
Ever since the D.C. Circuit struck down the FCC’s overbroad rule defining “auto-dialers” under the Telephone Consumer Protection Act, district courts have debated the scope of the D.C. Circuit’s ruling: Did it effectively strike down earlier FCC pronouncements on what qualifies as an auto-dialer? In a carefully reasoned opinion, a district court judge in Chicago held last week that it did. (more…)
The Telephone Consumer Protection Act (TCPA) bar has been reeling ever since the U.S. Court of Appeals for the D.C. Circuit overturned a couple of key Federal Communications Commission (FCC) rules in ACA International v. FCC, including the FCC’s overbroad interpretation of the definition of an autodialer. However, the ruling still left several key provisions in place that facilitate the potential for significant liability and sow uncertainty for everyday business and compliance operations. Now the commission has issued a public notice seeking input about how it should interpret the TCPA. Comments are due June 13, 2018, with replies due June 28. (more…)
On March 16, 2018, the U.S. Court of Appeals for the D.C. Circuit issued a long-awaited ruling on a challenge to the Federal Communications Commission’s 2015 order that expanded the scope of the Telephone Consumer Protection Act (“TCPA”). In ACA International v. FCC, No. 15-1211, the court invalidated a rule that had broadly defined automatic telephone dialing systems, or “auto-dialers”; it also struck down the FCC’s approach to situations where a caller obtains a party’s consent to be called but then, unbeknownst to the caller, the consenting party’s wireless number is reassigned. In the same ruling, the court upheld the FCC’s decision to allow parties who have consented to be called to revoke their consent in “any reasonable way,” as well as the FCC’s decision to limit the scope of an exemption to the TCPA’s consent requirement for certain healthcare-related calls.
On April 3, 2017, President Trump signed the bill repealing the Federal Communications Commission’s much-debated broadband privacy rules. The House of Representatives voted 215–205 to disapprove the rules, after a party-line Senate vote of 50–48. The result is that the FCC’s key rules governing internet service providers’ collection and use of consumer data, as well as data security, will not go into effect as scheduled. Moreover, the FCC will be precluded from promulgating any regulation in “substantially the same” form until a future Congress allows such action.
*This piece originally appeared in Fortune Magazine on May 10, 2016.
As our online footprints grow in size and scope, it is more important than ever for Internet companies to protect us against hackers and disclose how they use our personal data. The Federal Trade Commission was long the main privacy cop enforcing these essential consumer protections. But last year, the FTC’s sister agency—the Federal Communications Commission—reclassified broadband ISPs as common carriers outside the FTC’s jurisdiction. Unless the courts reverse that decision, there are now two privacy cops on the Internet beat. The FCC polices ISPs like Verizon, Charter, and Sprint, while the FTC continues policing everyone else, from Google and Facebook to Apple and Amazon.
On March 31, 2016, a sharply divided Federal Communications Commission adopted a notice of proposed rulemaking (NPRM), soliciting comments on draft privacy guidelines for broadband Internet services providers (ISPs). These proposed guidelines spring from the Commission’s reclassification of broadband ISPs as common carriers under Title II of the Communications Act, which is currently under review in United States Telecom Association v. FCC in the Court of Appeals for the D.C. Circuit. If the Commission’s interpretation is upheld, the new guidelines would impose significant new transparency, consumer choice, and data security requirements under Section 222 of the Communications Act. Notably, these proposed rules will apply only to ISPs, leaving edge providers, such as web browsers, operating systems, and web sites, under the authority of the Federal Trade Commission.
Despite today’s approval and Chairman Tom Wheeler’s release of a factsheet on the subject, the text of the NPRM and the Commissioners’ separate statements have yet to be released. For further analysis of the Commission’s description of the NPRM’s contents, see FCC Proposes Privacy and Security Regulations for Internet Service Providers.
On March 10, FCC Chairman Tom Wheeler issued a “fact sheet” summarizing a sweeping proposal to regulate the privacy and data-security practices of Internet service providers. The proposal would subject ISPs to new stringent requirements that other participants in the Internet ecosystem do not face because they are subject only to the more elastic oversight of the Federal Trade Commission under that agency’s general “unfair or deceptive” standard.
*This post originally appeared in Law360 on January 7, 2016.
While 2015 was a big year in data, 2016 may prove to be even bigger. Many hot button and game changing topics are being debated in legislative bodies and campaign trails, regulators are focused, and privacy-related litigation continues to rise. Below, we count down the top ten cybersecurity, data protection and privacy issues to watch in 2016.