Data protection regulators on stage at the IAPP Global Privacy Summit last week for the session on "The Enforcers" were clear on one thing: There must be more collaboration amongst those charged with keeping consumers safe from harm. What exactly that collaboration will look like, however, remains to be seen.
European Data Protection Supervisor (EDPS) Giovanni Buttarelli focused heavily on some of the pledges made in his recently revealed five-year plan, particularly on finding the overlaps in EU law in an effort to make data protection principles more effective in practice. Additionally, the EDPS is aiming to foster greater collaboration between data protection authorities (DPAs). It sees itself as a central hub to gather data regulators’ responses on the key challenges facing DPAs in the EU, with an aim toward representing institutions at international forums like the Council of Europe with a single voice on fundamental rights in the Digital Age.
“That doesn’t mean the EDPS is the only voice,” he said. “But we are all dealing with the same phenomenon, which is the proliferation of free-to-consumer ad business models, and we’re all challenged by these issues, and there’s a lack of a dialogue.”
The EDPS isn’t the only institution looking for collaboration. Travis LeBlanc, chief of the Bureau of Enforcement at the Federal Communications Commission (FCC), said his agency is aiming for greater collaboration between agencies like the Federal Trade Commission (FTC), FCC and Department of Justice. He sees that as especially important given that the FCC is entering a new era of privacy enforcement, though he was quick to point out—almost defensively so—that privacy as a regulatory area isn’t entirely new to the FCC.
“The FCC has long had a strong privacy regime,” he said.
The FCC has had a mandate to enforce privacy on the books for a long time, but its latest decision to consider broadband Internet service providers as “common carriers,” and therefore under FCC jurisdiction for the first time, does mean some changes.
“The FCC has to start to think hard about data,” LeBlanc said. “We saw that last week with the decision, and we’re going to see that a lot more.”
He added that broadband service providers are playing a significant role in the global economy now and attention must be paid to what kind of effect that will have on consumers’ well-being.
“We have got to be thinking about what privacy protections are meant to be in place there, that what they disclose to consumers about terms of service is sufficient and adequate,” he said.
That means an increased collaboration between his agency and the international data protection community at large but particularly the FTC, LeBlanc said.
“We’ll be working together more often, just like one of the principles Giovanni has put in his plan about more cooperation,” he said, referring to EDPS Buttarelli.
“My big concern is the FCC’s recent net neutrality decision is going to raise some serious enforcement challenges for the FTC.”
—Federal Trade Commissioner Maureen Ohlhausen
But the FTC’s Maureen Ohlhausen, who was sitting next to LeBlanc, was much less optimistic about the new role the FCC will play in privacy enforcement. She worries about jurisdictional conflicts and consumer confusion.
“My big concern is the FCC’s recent net neutrality decision is going to raise some serious enforcement challenges for the FTC,” she said. “So I think as we try to continue our active enforcement agenda, we’re going to hear from companies that say, ‘Oh, that’s a common carrier,' and our job is going to be made much more difficult in the future with this new classification of broadband. It’s an unfortunate side effect of the FCC’s decision.”
Looking ahead to how the FCC will use its newfound power, LeBlanc said the agency will use all the regulatory tools it has available; rather than jumping straight to enforcement actions, it may use workshops, for example, to help educate regulated entities. Or it may employ its rule-making authority “to think about specific areas where a rule is a better way forward than just making an enforcement action.”
LeBlanc also predicted there will be rule-making around Section 222 of the Communications Act, which regulates how companies protect customers proprietary network information, to respond to the ways in which such proprietary information—including where you travel on the Internet or what you purchase—should apply now that Internet providers would be covered under the act.
"That will lead to important privacy protections being put in place there," LeBlanc said.
If you want to comment on this post, you need to login.