Later today, Peter Swire, FPF Senior Fellow, will participate at the FCC’s public workshop on broadband consumer privacy. He also prepared written comments expanding on his thoughts. Professor Swire summarizes his research as follows:
First, I examine the effect of the Section 222(a) definition of “proprietary information” as compared with the Section 222(c) definition of “customer proprietary network information.” (CPNI) My conclusion, based on some analogous provisions from HIPAA and GLBA, is that the Commission should be cautious about founding any additional regulatory requirements under this proceeding based on the language in 222(a).
Second, I examine the intersection of privacy and competition law, drawing on my previous writings in the area. New entry into online advertising, including by broadband providers, could be a new source of competition on privacy attributes. My recommendation to the Commission is to consider the effects of this potential competition on privacy and other non-price aspects of competition, along with price aspects of competition, as part of the overall assessment of how to govern the use of CPNI for broadband providers.
Third, I address priority uses of information that I believe should be permitted in the CPNI context. Although I do not seek to create a complete list of possible exceptions to the general CPNI rule of consumer opt-out, I do emphasize three areas where an opt-out is not generally appropriate – anti-fraud, cybersecurity, and research on network usage. I also analyze the role of de-identification and aggregate information under Section 222, suggesting strategies to preserve the utility of de-identified and aggregate information while protecting privacy. In this discussion, I do not take a position on whether a rules-based, principles-based, or other approach should be adopted by the Commission. Instead, I emphasize that important interests such as anti-fraud and cybersecurity should be taken into careful consideration in whatever approach the Commission pursues.
He concludes that translating Section 222 privacy protections to the broadband sector is far from a simple task, noting the “considerable technical and market differences from the telephone market governed by the 1996 CPNI rules.”
Professor Swire’s full written comments are available here.