Today the Office of Federal Register published a final rule from the Federal Communications Commission (FCC or Commission) that formally voids the rule changes in the Commission’s 2016 Privacy Order—which Congress invalidated in a 2017 Congressional Review Act (CRA) joint resolution earlier this year—and reinstates the voice-centric customer proprietary network information (CPNI) rules “in effect immediately prior to the effect date” of the FCC’s 2016 Privacy Order.
As the Commission notes in the summary of today’s action, “because the CRA does not include direction regarding the removal . . . of the voided language from the Code of Federal Regulations, the FCC must publish this document to effect the removal of the voided” rule’s text. The Commission further explains that the publication of the previous rules is not an exercise of rulemaking authority, but rather simply effectuates what Congress had already done, and therefore today’s action is neither subject to public comment nor to judicial review. The FCC’s action is effective today and does not substantively modify the CPNI rules in effect immediately prior to the issuance of the 2016 Privacy Order.
In June, the FCC issued an Order that formally recognized the CRA’s disapproval of the 2016 Privacy Order and dismissed eleven petitions for reconsideration of the new privacy rules. The June Order noted that the reinstated rules would not apply to broadband service, which would be subject only to the text of Section 222 of the Communications Act, as amended. The June Order was met with a strong partial dissent from Commissioner Clyburn, who challenged the Commission’s decision not to place the item on public comment or to provide consumers with privacy rules beyond the “bare text of section 222” and “decade-old rules for legacy voice.”
For providers, today’s action formalizes what we’ve known for some time: the old CPNI rules are back in effect for non-broadband telecommunications carriers and providers of interconnected VoIP, and the statutory text of Section 222 continues to apply to broadband providers until further action.