FCC's next big battle? Online privacy.

The agency's designation of Comcast and Verizon as "common carriers" last March means they are subject to regulation about what types of data they collect about their customers. That's set off a battle between the companies and privacy groups.

Demonstrators protest a now-scuttled merger between Comcast Corp. and Time Warner Cable Inc., in Philadelphia in September 2014. Since the Federal Communications Commission adopted net neutrality regulations in March 2015, questions have been brewing about the agency's authority to crack down on data collected by Internet and mobile providers like Comcast and Verizon, which are expanding into using customers' data to create customized online ads.

Matt Rourke/AP/File

February 17, 2016

In casting a deciding vote in favor of net neutrality through its Open Internet Order last March, the Federal Communications Commission also took a larger step, classifying broadband Internet providers as “common carriers” under Title II of the Communications Act.

That gave the regulator a broader degree of authority to oversee how Internet service is provided, setting up a second battle on an issue that could be equally thorny — how much data Internet providers may collect from their customers.

The rules, which now apply to companies such as Comcast and Time Warner as well as mobile carriers such as AT&T, Verizon, and T-Mobile, could potentially impact the highly-lucrative business of online ad-tracking, where customers’ Internet histories are used to generate ads that a company thinks they may want to see.

Why many in Ukraine oppose a ‘land for peace’ formula to end the war

The FCC’s broad mandate has provoked a variety of reactions. On the campaign trail last month, Sen. Ted Cruz blasted the decision as “lunacy,” and previously likening net neutrality to “Obamacare for the Internet.” The decision won praise from Federal Trade Commissioner Julie Brill, who said in a speech in November that the regulator’s robust authority “makes the FCC a brawnier cop on the privacy beat.”

With the FCC facing a court challenge over its net neutrality rules, the conflict, which pits cable companies and Internet providers against a range of privacy and open Internet advocates, appears to be heating up this month.

The regulator hasn’t yet said how it will approach the issue, though in November Chairman Tom Wheeler said the FCC hoped to address the issue “in the next several months.”

Last week, several of the largest cable and telecom lobbying groups sent a letter to Chairman Wheeler arguing that the FCC should follow the approach of the FTC, which can impose fines or intervene if a particular practice is determined to be “unfair and deceptive.”

“We encourage you to develop a framework that offers consumers robust privacy protection, while at the same time allowing broadband providers to continue to innovate and compete,” they wrote.

In the race to attract students, historically Black colleges sprint out front

In their own letter to the regulator last month, nearly 60 privacy advocates and consumer groups argued that the FTC’s policy doesn’t go far enough, saying that the FCC was in a better position to clarify the rules on how customers’ data is handled by Internet providers.

“As the role of the Internet in the daily lives of consumers increases, this means an increased potential for surveillance. This can create a chilling effect on speech and increase the potential for discriminatory practices derived from data use,” the groups wrote.

The debate hinges on interpretations of a particular section of the Communications Act that governs users’ privacy. It says that carriers can’t share anything without their customers’ permission and that any “aggregate” data that is shared can’t contain information that identifies a particular user.

But many specifics of the law, such as how Internet providers should get their customers’ permission or how much data is counted as “personally identifiable,” are unclear, tech site The Verge notes.

Some groups have also noted that there is a distinction between broadband providers such as Comcast and website operators and other so-called “edge providers” in terms of the amount of customer data they are able to access.

“An edge provider receives only a subset of the information that a subscriber’s online activity generates ... by stark contrast a [broadband provider] receives all of a subscriber’s online activity data and the only way for the subscriber to avoid that data collection is to disconnect from the Internet,” wrote members of the open Internet group Public Knowledge in a white paper released on Tuesday.

While users could avoid online tracking from websites by using browser settings and sites that offer a “do not track” feature, this isn’t an option with data collected from Internet providers, the group notes.

But some companies have also blurred the line between the two, with Verizon’s acquisition of AOL during the summer of 2015 particularly focused on gaining access to AOL's sophisticated online advertising technology, which could increase its prominence in a market dominated increasingly by Facebook and Google.

Last year, the Electronic Frontier Foundation also raised similar concerns that Google was tracking students’ data mined from the company’s Chromebooks and educational software despite publicly promising not to do so, a claim the search engine giant denied. The watchdog’s complaint – which wouldn’t be impacted by a decision by the FCC because Google is not considered a carrier in this case – is currently pending with the FTC.

The regulator has given indications that it could address privacy issues related to net neutrality as early as March, though this process could be impacted by the forthcoming ruling from the DC Circuit Court of Appeals, which is considering the cable companies’ net neutrality challenge.

“I think there’s a sense that we can do better on privacy protection,” Matt Wood, policy director at Free Press, a consumer group, told the Hill. “And the FCC has some tools to do that the FTC may not.”

"I guess in the end, I’m much less concerned about allegedly duplicative or different rules applying to different providers than I am about getting it right for the user and making sure there actually is protection for them,” he added.