Telcos Hope To Erode US Customer Privacy Protection But EU Privacy Shield Is Safe

A digital padlock. Security, privacy

UK and EU privacy regulators expressed concern over the new US administration’s data-protection policies

US telecommunications industry groups are spearheading a push to roll back privacy protections put into place by the country’s communications regulator last autumn as the influence of the new presidential administration begins to make itself felt.

The move came as UK and European Union privacy regulators expressed concern over the future of Europe-US data sharing regulations, which rely on agreements formed under the previous US administraiton.

EU US

Privacy regulation rollback

The US’ Federal Communications Commission (FCC) in October announced rules requiring telecoms companies, such as broadband providers, to allow customers to opt-in to data collection agreements, a move opposed by the telecommunications industry.

A group of several bodies representing US Internet service companies said it has filed a petition asking the FCC to stay the rules. The petition is backed by organisations including the CTIA, a mobile communications provider lobbying group, the NCTA, which represents Internet and television providers, the NTCA, which represents rural broadband providers, and others.

The groups argue the FCC’s rules are unnecessary and that companies can be relied upon to handle their customers’ data in a trustworthy way with the minimal oversight provided by the Federal Trade Commission (FTC).

“For over twenty years, ISPs have protected their consumers’ data with the strongest pro-consumer policies in the internet ecosystem,” the groups said in a statement. “ISPs know the success of any digital business depends on earning their customers’ trust on privacy.”

The Information Technology and Innovation Foundation (ITIF), a think tank that also opposed the rules, agreed that they should be halted before implementation before being removed entirely.

“The FCC privacy framework adopted just last October was a sharp departure from the FTC’s innovation-friendly, flexible guidelines that have overseen a successful burgeoning of the Internet,” said ITIF analyst Doug Brake in a statement. “It’s time to hit pause before these bad rules are implemented, and then hopefully wipe the slate clean to start fresh on a new policy direction.”

The Trump administration has indicated its opposition to such regulations with the appointment of Ajit Pai, who argued against them, as interim FCC chair.

Pai also notably opposed network neutrality regulations introduced by the FCC last year.

EU-US data protection implications

European indistry observers have said the incoming administration’s opposition to data protection regulations suggests that personal data on European citizens is likely to come under increasing scrutiny by agencies such as the FBI and the National Security Agency (NSA).

This was already the case under the previous administration, as exposed by NSA documents released by Edward Snowden, the publication of which ultimately led the EU to revoke its long-standing data-sharing deal with the US, known as the Safe Harbour agreement.

The EU-US Privacy Shield was agreed last year to replace Safe Harbour, but critics said the agreement cannot be effective without commitment from both sides.

UKCloud, which provides cloud services to public-sector organisations in the UK, said last week’s “unsettling” executive order affecting cross-border travel and immigration, meant uncertainty for European organisations who use cloud services operated by US companies.

“We have entered an era of uncertainly as the Trump administration takes office, with potentially many more unsettling executive orders to follow,” said Bill Mew, UKCloud’s cloud strategist, in a statement.

Cloud providers including Amazon, Microsoft and IBM have all launched UK data centres in order to allay fears over the security of data stored on their servers.

Privacy Shield concerns

The Information Commissioner’s Office (ICO) and EU data protection regulators agreed last week’s order doesn’t immediately affect Privacy Shield, but said the administration’s actions raises concern over its future policies.

Last week’s order, framed as an internal national security measure, calls for “state agencies to the extent consistent with applicable law, (to) ensure that their privacy policies exclude persons who are not US citizens or lawful permanent residents from the protections of the Privacy Act” as it applies to personally identifiable information.

What about Europe? Find out on page 2..