On April 3, 2017, President Trump signed into law a Congressional joint resolution eliminating new broadband and voice privacy rules set forth in a November 2016 order (the 2016 Privacy Order) by the Federal Communications Commission (FCC) (the Joint Resolution). Members of Congress largely voted along partisan lines. The House approved the Joint Resolution by a 215-205 vote and the Senate approved it by a 50-48 vote.
The repeal occurred via Congressional Review Act (CRA) procedures, which enable Congress to rescind recently adopted agency rules. The Joint Resolution will have a modest impact on the status quo with respect to both broadband Internet access service (BIAS) providers and traditional voice providers, since few of the new rules in the 2016 Privacy Order had gone into effect when the Joint Resolution was passed into law. However, a less aggressive privacy posture at the FCC is likely to have ripple effects on privacy enforcement at both the federal and state level, as the Federal Trade Commission (FTC) and state attorneys general may attempt to step in to fill the gap, despite potential jurisdictional challenges. Moreover, unless and until the FCC finds otherwise, Section 201(b) (bars unjust and unreasonable practices) and Section 222 (requirements applicable to broadband are unclear) still apply to BIAS. As a result, BIAS providers and voice carriers should maintain reasonable privacy and data security policies and procedures to mitigate risks of enforcement intended to mind the gap in some way.
Our client advisory, available here, provides an overview of the repealed order, the CRA, and the steps providers should take to protect themselves during this period of uncertainty.