The Federal Communications Commission (FCC) has unveiled a privacy plan that threatens to disrupt the current way consumers and advertisers reach each other, with increasing concern on behalf of the ANA, 4A's and other trade groups on the definition of 'sensitive data.'
The coalition is challenging the FCC privacy proposal rules in a letter submitted this week complaining that if adopted the regulation will result in an onslaught of opt-in requests with all web browsing and app usage histories swept up in this new definition and which would now be considered 'sensitive' data.
"This counterproductive proposal has been introduced late in the Commission's process, with little opportunity for public review and comment," stated the coalition in a letter to FCC Secretary Marlene H. Dortch.
The main concern by the trade organizations and others is that the expanding definition of 'sensitive information' would require a vast amount of opt-in consents by consumers. The letter to the FCC by trade groups calls an 'opt-in' consent from consumers when ISPs use or share web behavior and app usage data 'an unprecedented step.'
Additionally, the ANA and other groups are asking their members to consider a scenario where every time someone goes on-line to listen to music or to look up the closest car dealership, or carry out a myriad of other searches, they might need to give their consent to information-gathering.
For the past six months, the FCC has been working with consumer and public interest groups, fixed and mobile ISPs, advertisers, app and software developers, academics, other government actors including the FTC, and individual consumers with the aim of establishing privacy protections on how ISPs use and share their data, according to Tom Wheeler, FCC chairman who addressed this issue on the FCC website on Oct. 6. He wrote that “the FCCs proposes that an ISP would be required to notify consumers about what types of information they are collecting, specify how and for what purposes that information can be used and shared, and identify the types of entities with which the ISP shares the information.
In addition, the FCC proposed that ISPs would be required to obtain affirmative “opt-in” consent before using or sharing sensitive information. Information that would be considered “sensitive” includes geo-location information, children’s information, health information, financial information, social security numbers, web browsing history, app usage history, and the content of communications such as the text of emails. All other individually identifiable information would be considered non-sensitive, and the use and sharing of that information would be subject to opt-out consent.”
The American Advertising Federation, the American Association of Advertising Agencies, the Association of National Advertisers, the Direct Marketing Association, the Electronic Retailing Association, the Electronic Transactions Association, the Interactive Advertising Bureau and the Network Advertising Initiative commented on the original rule proposal in May and argued that the industry-led online ad privacy program, the Digital Advertising Alliance's Ad Choices, is already a safeguard that protects online consumer privacy. The National Business Coalition on E-Commerce and Privacy joined the groups in the recent complaint.
"This overreach by the FCC would result in consumers having to opt out repeatedly throughout the day as they browse the web or be overloaded with a constant drumbeat of opt-in choices. In either case, this will have severe negative impacts for the on-line and mobile experience, resulting in harm to consumers and threatening the financial underpinnings of the Internet ecosystem,” wrote the ANA to its members. “We strongly encourage the FCC as it continues its deliberations to reconsider this proposed definition, to ensure that it is not unduly broad and sweeping, and does not result in serious harms to the consumer experience."
In addition, while the FCC claims to be focusing on the issue of the sensitivity of data, this aspect appears to be virtually ignored in its data security approach, the ANA said. This will inevitably lead to over-notification of non-sensitive data breaches undermining the value of this type of notice requirement, they noted.
The full FCC will discuss the proposals by its chairman on October 27.