By Jeff Brueggeman, AT&T Vice President of Global Public Policy

Consumers rightly expect consistent privacy protections on the internet, no matter what service, device or company is using their data. It sounds simple, but it is increasingly challenging in practice as the amount and variety of online data continues to grow exponentially. And there is an increasing risk that we will end up with a patchwork quilt of inconsistent and overlapping internet privacy regulations at the federal and state level, as almost played out in the California legislature recently. While some state legislative proposals target internet service providers (ISPs), we are also seeing a steady stream of state bills that seek to regulate broader aspects of internet privacy and cover all online companies. This fragmented approach will only serve to confuse consumers, impede innovation and distort competition.

It’s important to ensure we have a single, coherent framework with a single competent authority to govern privacy practices relating to all internet activity. Privacy policies and protections should be consistently applied across the entire internet ecosystem, including operating systems, browsers, devices, ISPs, apps, social media platforms and ad networks. And they should be based on the sensitivity of the data from the consumer’s perspective, not the technology or company involved.

The internet has evolved far beyond the traditional web browsing experience to become the center of our daily lives. Consumer online data is now being collected across billions of apps, Over-the-Top (OTT) services and connected devices. Entirely new product categories have emerged, such as in-home personal assistants, digital fitness trackers and ride-sharing services. A common myth perpetuated by some is that ISPs have more visibility into web browsing activity than other online companies. This is simply false. ISPs often have less visibility, due to factors such as the growing number of websites and apps that are using encryption.  

Consumer online data is being exchanged and used by countless online companies, many of which rely on advertising revenues. The digital ad market in the U.S. is expected to grow 16% this year alone and reach $83 billion in revenues. This reflects the broader market trend that many consumers are choosing free and discounted ad-supported services as an alternative to subscription-based services. In such a fast-changing and competitive environment, it is more important than ever to maintain a consistent approach to internet privacy.

For 20 years, the Federal Trade Commission (FTC) has developed and enforced a technology-neutral privacy regulatory regime. The FTC has brought hundreds of privacy cases since the beginning of the internet against a wide range of companies.

In 2015, the Federal Communications Commission (FCC) asserted privacy jurisdiction over ISPs and adopted ISP privacy rules that would have favored some online service providers over others. The FTC itself pointed out that these would have subjected consumers to an illogical and confusing array of regulations. The FCC’s actions also served as a warning that other federal agencies could adopt internet privacy regulations for specific sectors that create even more imbalance among internet companies. While Congress wisely repealed the FCC rules before they could take effect later this year, the issue of which agency has jurisdiction over ISP privacy has yet to be resolved.

Tomorrow, from 1pm to 3pm EDT, AT&T will host a privacy event to explore these issues in more detail and to discuss where we go from here. We will be joined by a diverse group of experts for a robust discussion of technology trends, market developments and how we can shape public policy to reflect the data revolution. You can register for the event and watch the live stream here.

Share this