Good Riddance: California’s Broadband Privacy Bill Was Unnecessary and Unhelpful

Congressional Republicans in Washington touched a nerve in April, 2017 when they voted to prevent Obama-era regulations from going into effect that would have required broadband service providers to ask subscribers for affirmative consent before doing anything with data they generate. Many Californians probably counted this among the many examples of D.C. dysfunction—Assemblyman Ed Chau (D-Monterey Park) certainly did. Riding a mini-wave of activist-inspired discontent after the federal rules were swept off the books, Chau introduced a bill in the California Legislature that would have reconstituted them at the state level. This bill, which was thankfully withdrawn from committee last Friday, might have been good politics, but it was bad policy. The poorly balanced federal rules were the product of an ill-advised power grab by the Federal Communications Commission—both Congress and California were right to nix them.

By preventing the federal rules from going into place, D.C. was simply working to return broadband privacy to its traditional and rightful overseer, the Federal Trade Commission (FTC). The FTC has successfully crafted privacy policy throughout the burgeoning U.S. Internet economy, enforcing best practices and keeping companies honest. FTC oversight carefully balances privacy protections with other values, such as cost (or lack thereof in the case of so many “free” online services), usability, and innovation. It was a bad idea to splinter off special rules for broadband providers at the federal level, and it is an even worse idea to splinter off special rules for an individual state’s broadband providers.

State-level broadband privacy laws are not needed. All major broadband providers offer consumers the ability to opt out of data collection programs, plus where information is shared it is typically de-identified and aggregated with other users. So no, you can’t find out the Internet habits of members of Congress.

Changing course from the historical privacy protections of the FTC framework to a state-by-state patchwork would disrupt ongoing dynamic competition in new uses of Internet data, ultimately slowing the rate of growth of broadband deployment and adoption and degrading users’ online experience. Beyond the obvious opportunities to potentially lower broadband prices through advertising support, large pools of data are increasingly a key fuel for innovation. Recent breakthroughs in artificial intelligence are predicated on “training” algorithms on big datasets (and artificial intelligence can help optimize network performance and improve security). To effectively shut data collected by broadband providers out of this growing field would be a mistake.

The restrictions on data collection proposed in California would also set a poor precedent for other sectors of the economy, potentially setting the stage for a privacy tower of babel where different states set up conflicting privacy laws for different sectors of the economy. What’s more, broadband traffic regularly crosses state boundaries, making it is impractical for large-scale networks to set individual policies for different states. Such laws would stifle economic growth (for all but privacy lawyers).

Far better to stick with the uniform process that has worked well so far, supporting data-fueled innovation and giving consumers the power to simply opt out of practices they don’t like. No doubt, misleading fearmongering caused a significant backlash after the federal rules were repealed. But these rules never went into effect; when consumers keep the same privacy protections that have always been in place, moral panic is unjustified.