California judges agree to rehear critical data privacy case – with huge implications
If the decision is reversed, it would provide clarity over which federal regulator is in charge of ensuring that communications companies don’t abuse their user data, and would fill a dangerous gap created by the recent Congressional decision to scrap new privacy rules.
Back in August 2016, the appeals court ruled in favor of AT&T Mobility and said that the Federal Trade Commission (FTC) did not have the authority to fine the phone giant $100m for failing to tell customers that their “unlimited” data plans would be throttled once they reached a certain threshold.
The logic of the court was that the FTC was constrained by the fact that AT&T was legally designated a “common carrier” and so therefore stood outside the regulator’s jurisdiction. The FTC appealed that decision in October and asked for the case to be heard by the full Ninth Circuit – an en banc review – rather than just a three-judge subset of the court.
Since the original appeals court decision however, the case became much more complicated due to the actions of sister regulator the Federal Communications Commission (FCC) – which does have the authority to act against common carriers.
Back in 2015, as part of net neutrality rules, the FCC designated broadband providers as also being common carriers, pulling them under the FCC’s jurisdiction. Due to that decision, the FCC was obliged to draw up new data privacy regulations to deal with ISPs – and it chose to approve stricter rules than were in place at the FTC, arguing that ISPs have unique access to large quantities of very personal data due to being people’s internet provider.
However, both those actions – the reclassification of broadband providers as common carriers and the new data privacy rules – are now being pulled out by the new FCC administration following the election of President Trump.
FCC chair Ajit Pai controversially decided to scrap the new data privacy rules just days before they were due to take effect – a decision that was then later reflected and enforced by Congress.
Combined with Pai’s decision to reopen net neutrality rules, and specifically the classification of broadband providers as common carriers, that meant that a huge gap in data privacy opened up.
Thanks to the Ninth Circuit decision and Pai’s actions, suddenly there was no one to enforce data privacy rules at all. Both the FTC and the FCC were legally prevented from ensuring that companies like AT&T and Verizon – as well as companies like Google – were not abusing the vast quantities of user data they possess.
Soon after the FCC scrapped its own data privacy rules, the heads of both the FTC and FCC co-wrote a blog post arguing that the FTC was the right place for data privacy issues to be heard (which is, in all fairness, a good point).
AT&T was happy with the original decision and opposed being put under regulatory oversight. But the FCC wrote a legal submission supporting the FTC’s argument for a full rehearing of the Ninth Circuit’s original decision. And on Tuesday, the two regulators were rewarded by the Ninth Circuit agreeing to rehear the case with the full court.
Slice of Pai
It was a significant victory for Pai personally, who had taken a significant gamble in scrapping the rules and so put millions of US consumers in privacy legal limbo.
He tweeted that the decision was “an important win for consumers by making it easier for FTC to protect online privacy” – which somewhat overstates the situation since it is far from certain that the Ninth Circuit will actually reverse its own decision.
However, just as the appeals court in Washington DC decided not to hear a case against net neutrality en banc because of the decision by the FCC to revisit the rules, the Ninth Circuit appears to have been swayed by actions on the ground in the opposite direction.
Given that en banc hearings are rare, it points to a significant likelihood that the court will bend to accommodate new realities and decide to reverse its earlier decision. That would effectively shift federal regulation from being based on status (whether you are a common carrier or not) and move authority to issues based on activity – ie, whether you misused data.
If that happens, it would be a significant shift in how the US government and courts decide how to view the actions of the companies that handle citizens’ everyday communications.
Thinking most positively, it could also cause a much-needed shift in how the law functions in the internet era. It could even effectively kill off the furious back-and-forth over net neutrality rules and in particular the argument over “Title II” classification.
A new deal?
If we put on our rose-tinted glasses, it could even open a door for bi-partisan legislation to update the Telecommunications Acts of 1934 and 1996, since it would remove many of the current stumbling blocks to Congressional action.
That perfect scenario would put FCC chair Pai in a position to come across as a telco visionary rather than the partisan populist he has shown himself to be in recent weeks, which may explain his euphoria.
Of course, it could all swing the other way, with the Ninth Circuit deciding not to embrace the vision of a brave new world and reasserting its understanding of the law.
In that case, the entire population of the United States would lose critical data privacy protections thanks to Pai’s rash actions, and we will be on a path for another ten years of fighting thanks to classifications that were devised decades before the internet even existed.
No pressure, Ninth Circuit. ®