ISPs Need Final Regulations To Know Likely Cost of Privacy Regulations, AT&T Executive Says
The cost of complying with the FCC’s proposed privacy rules could vary widely, depending on the specific rules the agency ultimately approves, Bob Quinn, AT&T senior vice president-federal regulatory, told reporters after an FCBA seminar on ISP privacy Friday. “This is a very rigid regulatory structure that they’re talking about putting in place,” said Quinn, formerly AT&T chief privacy officer.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The costs could be high, Quinn said. “It’s hard to say until we see the final rules,” he said. “The FCC is “talking about mandating dashboards. They’re talking about point of sale notices specifically about privacy. … Do I have to give people a copy of my privacy policy when they sign up for service at one of the stores? I don’t know.” ISPs will face additional data retention requirements and “additional layers of notice requirements,” he said.
Quinn said the rules will have to survive Office of Management and Budget review of the costs, based on information supplied by industry. In 2008, the FCC dropped backup power rules for cell sites based in part on OMB concerns about the actual costs of the rules, he noted (see 0812020137).
FCC Chairman Tom Wheeler and his staff don’t always have a realistic view of the costs of mandates, Quinn said. “If you listen to Chairman Wheeler, we can absorb infinite costs, it will never impact investment,” he said. Moody’s Investors Service issued a warning on the negative effect of the privacy rule before it was approved by a divided commission (see 1603150055). Moody’s said the rule could negatively affect more than half a trillion dollars of rated debt. “Wheeler just comes out and says, ‘Oh that’s wrong; I’ve got my opinion, Moody’s has got theirs.'”
Quinn predicted the U.S. Court of Appeals for the D.C. Circuit will still overturn part of last year’s net neutrality order. “I’m confident that at the end of the day the FCC is going to have an issue on its hands,” he said. “If the mobile broadband piece gets thrown out and we can’t do any of these privacy rules in the mobile context, what’s really the import of doing these rules?” he asked. “That’s the whole ballgame, right?”
FCC Wireline Bureau Chief Matt DelNero told the seminar the bureau is still weighing whether to grant extension requests so industry and other commenters have more time to respond to an NPRM on ISP privacy rules. Groups representing most of the communications industry sought a delay last week (see 1604210048).
DelNero said the industry motion was just filed: “We obviously still have that under review and haven’t reached any determination at this point.” DelNero said the bureau is aware it needs to makes a quick decision on any extension. The initial comment deadline of May 27 was set to give interested parties opportunity to file comments before the Memorial Day holiday “rather than right after,” he said. Other major proceedings have had similar time frames, he said. “We’re taking their request seriously, hoping to respond soon,” he said.
The FCC is still trying to figure out where to draw a line in the proceeding on which services are subject to the FCC rules, DelNero said. “I don’t want to go around making classification decisions on the fly,” he said. “There’s a lot that doesn’t fall within the boundary for a telecom service.”
A focus of the FCC is “just how do you provide some predictability,” DelNero said. “What is the consumer reasonably expecting?” A lot of privacy policy focuses on meeting customers’ reasonable expectations, he said.
DelNero said the FCC recognizes that ISPs will meet data security requirements various ways. “While we’re prescribing some specific results that we want to see, in terms of training programs … having a management structure in place, we’re not saying what that specific management structure is, what the specific training program has to do,” he said. “What works and makes sense for one company might not make sense for another.” Overly restrictive rules could also become out of date, he said.