Expect debate over preempting state privacy laws for ISPs, Senate staffers say
19 April 2017. By Amy Miller.
Expect a heated debate over federal preemption of proposed state laws that would regulate broadband providers' privacy practices after Congress repealed the US Federal Communications Commissions' privacy rules, lawyers for the US Senate said at a privacy conference* Wednesday.
Several states are considering bills that would restore consumer digirights lost after Congress blocked implementation of FCC rules that required Internet service providers to get customers' permission before selling their personal information.
Rolling back the rules put the FCC and the US Federal Trade Commission on a level regulatory playing field, argued Peter Feldman, counsel to the US Senate Committee on Commerce, Science and Transportation. Feldman advises panel Chairman John Thune, a Republican from South Dakota.
But Christian Fjeld, the committee's senior counsel and adviser to ranking member Senator Bill Nelson, a Florida Democrat, countered that rolling back the FCC's rules has created a regulatory loophole because the FTC doesn't have authority to regulate broadband providers. And states have stepped in.
The problem, Feldman said, is that all those state laws will create conflicting standards, and preemption may be one solution. Similar issues arose when Congress failed to pass a national data breach notification law, and 48 states have since decided to pass their own, he said.
"That's a real bear, and it makes a strong case for putting together a coherent, consistent set of privacy standards, and one way to do that is through federal preemption," Feldman said.
A role could be preserved for state regulators, and carve out roles for state attorneys general, Feldman said.
Congress has considered data security bills in the past that included a federal preemption provision, said Fjeld, but a point of contention has been how expansive a preemption provision should be.
Other questions include whether it would eliminate states' ability to take on data security matters, and whether it would preempt common laws in addition to statutory laws.
"This has been an issue that's popped up," Fjeld said, "and it's where our members are going to have big-time disagreements."
*IAPP Global Privacy Summit 2017. Washington, DC. April 17-20, 2017.