Privacy Rollback at the FCC; Google’s Stress Test
April 4, 2017 – Todd Ruback
I don’t claim to be a privacy oracle, but I do see a bigger issue that deserves wider discussion, namely who owns the personal data that the ISPs collect.
For the past few months I’ve been pretty engrossed in all things GDPR, so when both houses of the U.S. Congress voted to undo the FCC’s privacy rules aimed to put restrictions on how ISPs could use personal information, it felt like a proverbial bucket of cold water splashed on my face. I don’t claim to be a privacy oracle, but I do see a bigger issue that deserves wider discussion, namely who owns the personal data that the ISPs collect. The proposed legislation would give the ownership to the ISPs, a direct conflict with the EU’s General Data Protection Regulation, that hold personal data belonging to the person. Relations between the EU and US are already rife with politically charged issues, with much scrutiny on the US’s privacy safeguards and adequacy of existing ways to move digital data across borders. Additionally, since there is also a buried provision to prevent future privacy rules being imposed on ISPs, if enacted, the legislation would create a permanent state of un-regulation on the ISPs, whether by the FCC or even the FTC.
Layered on top of the rollback of the FCC’s privacy rules are two separate but related stories that could also impact digital trade with the EU. First, the European Parliament’s influential LIBE committee narrowly passed a resolution voicing ongoing concern with the heavily negotiated U.S. Privacy Shield, meant to replace the Safe Harbor Program as a way for U.S. companies to lawfully transfer personal data from the EU to the US. Second, the validity of Standard Contractual Clauses, another approved way to move data across borders, was argued over 21 days in Dublin, with the Irish Data Protection Commissioner asking the High Court to send this important case to the Court of Justice of the EU in Brussels to make a final determination. The High Court, in its measured wisdom, has reserved judgment for a later determination, which I hope will be released by May 3, the date of the Dublin DataSec 2017, where I’ll be a speaker. Clearly there will be much to discuss.
In digital advertising news, Google is coming under scrutiny, this time not from the regulators, but from the advertisers and publishers who are the foundation for Google’s advertising business, with a core group deeply concerned that their ads are inadvertently being placed in close proximity to extremist content and on sites that promote hate speech. Certainly this will be a central topic to be discussed at the upcoming DAA Summit 2017 in June, even more reason to register now.
In Evidon news, be sure to read some of our articles about the GDPR’s impact to different industries, including this one in eMarketer by Scott Meyer, our CEO, breaking down what marketers need to know about the GDPR, and also his other insightful GDPR missive about “Outrunning the Bear.” From me, check out my piece in Martech laying out what the GDPR means to the marketing technology industry—hint: there’s a bullseye on your collective back– and also this article describing both the GDPR and proposed ePrivacy Regulation, or cookie law. Finally, be sure to register here for an important GDPR webinar we are hosting on April 10 discussing how the GDPR is a game changing moment for all of us. I’ll be the moderator and am excited to have speakers from both Citigroup and Promontory, an IBM company to discuss the research in the groundbreaking GDPR report.
That’s it folks, and if you would like to receive the Dispatch via email every week, please sign up here and please follow me on Twitter at @CPORuback, where you can get even more insight and information on privacy and security topics.
Chief Privacy Officer