The 'Privacy Coalition' That Wants to Trim Data Regulations for Telecom Giants

The group is led by Mary Bono, a former Republican congresswoman from California

The group is led by Mary Bono, a former Republican congresswoman from California Cliff Owen/AP File Photo

The 21st Century Privacy Coalition is funded by companies including Comcast, AT&T, and Verizon.

The "21st Century Privacy Coalition" might sound like the name of a group fighting for stronger privacy protections in the Internet age. But, in fact, it represents some of the nation's largest cable and phone companies, and is working to help those companies escape regulations on how they have to handle customer data.

If the group gets its way, Congress would loosen regulations over the way companies have to keep sensitive information—such as what phone numbers you've sent text messages to, what you've watched on television, and potentially even what websites you've visited.

The group is led by Mary Bono, a former Republican congresswoman from California, and Jon Leibowitz, a former Democratic chairman of the Federal Trade Commission. Funded by Comcast, AT&T, Verizon, Time Warner Cable, DirecTV, and industry trade associations, the coalition has spent nearly $2 million on lobbying, according to disclosure records. That money has gone to hire lobbyists from two firms: Mayer Brown and Ryan, MacKinnon, Vasapoli, and Berzok.

It has essentially one goal: pass the Data Security and Breach Notification Act. The bill, which cleared the House Energy and Commerce Committee last month, is intended to combat the kinds of massive hacks of personal information that have hit Target, Home Depot, and other companies in recent years. President Obama even urged Congress to act on the issue during this year's State of the Union address.

The House legislation, authored by Republican Rep. Marsha Blackburn of Tennessee and Democratic Rep. Peter Welch of Vermont, would require companies to have "reasonable" security and to notify their customers if their personal information is stolen. The bill generally just covers information that could be used for fraud, such as credit card or Social Security numbers.

But companies such as Comcast and Verizon already have to comply with more stringent data security and privacy regulations enforced by the Federal Communications Commission. FCC rules declare that the companies have a "duty to protect the confidentiality" of an array of phone and cable records. Those rules also will soon cover Internet records as part of the FCC's decision to expand its authority over broadband access in its net neutrality regulations.

The 21st Century Privacy Coalition argues that it doesn't make sense for the telecom companies to have to comply with a whole separate regulatory regime. So, at its urging, lawmakers included language in the bill that would exempt companies from FCC regulations related to protecting personal information. Like retailers and other businesses, the telecom companies would only have to comply with the "reasonable" security standard enforced by the FTC.

"The bipartisan legislation intelligently puts enforcement authority in the hands of America's top privacy cop," said Leibowitz, who served at the FTC from 2004 to 2013 and now is a partner with the law firm Davis Polk in addition to his role as the cochairman of the 21st Century Privacy Coalition. The FTC, he said, has an impressive track record of cracking down on companies that put consumer information at risk.

Historically, the FTC has been more focused on data security issues than the FCC. But the FCC is beginning to become more aggressive. Just last month, the telecom regulator forced AT&T to pay $25 million for allowing employees in foreign call centers to steal private details about U.S. subscribers.

Leibowitz argued that the Data Security and Breach Notification Act would be good for consumers because it would simplify privacy protections. Consumers want their data protected, but they don't think there should be special rules depending on which company has that data, he said. "From a consumer perspective, it doesn't make sense that data would be treated differently based on who is doing the collecting and what statutory regime they're under," Leibowitz said.

But Laura Moy, a senior policy counsel for the New America Foundation's Open Technology Institute, warned that the data breach bill would leave consumers with weaker protections for their most sensitive information. The legislation really is focused on combating financial fraud, she argued, while the FCC regulations aim to protect a wide range of personal information to ensure people can trust communications networks. Unlike FCC rules, the bill wouldn't cover text message logs, cable TV viewing and ordering histories, Internet records, or certain kinds of location data. 

"We want people to use these essential communications systems as platforms for free speech and free association," she said. "We want people to be able to visit the websites they need to visit to gather the information they need, for whatever it is, whether it's abortion, purchasing firearms, seeking medical help, or help for mental illness."

It's not just consumer advocates that are angry over how the bill treats telecom companies. Retailers also are lobbying for stricter regulations of the telecom industry.

Under the bill, if a telecom provider is transporting data for another company and gets hacked, it has no obligation to notify consumers. Instead, it only has to notify the other company, and only then if that company can be "reasonably identified." Supporters of the language say telecom providers should have lower notification burdens when they're just acting as conduits for other companies.

Mallory Duncan, the general counsel for the National Retail Federation, argued that this language creates a "notice hole" that could leave consumers unaware that their information has been hacked. When the consumers realize someone has stolen their identity, they might blame a retailer like Target, when it was really Verizon, carrying Target customer information, that got hacked.

"[The 21st Century Privacy Coalition] is aptly named because they want to keep the fact of their breaches to themselves," Duncan said.

With President Obama calling for data breach legislation, it seemed like it would be one of the few issues that could enjoy bipartisan support this year. But all of the Democrats on the House Energy and Commerce Committee, including Welch, voted against the version that passed the panel last month. In addition to opposing the telecom provisions, they argued that the new federal notification requirement shouldn't replace stronger state laws.

Republicans now are making tweaks in an attempt to get some Democrats on board, but they are unlikely to change the provisions on telecom companies. The Senate has been waiting for the House to reach an agreement before they move forward on legislation.

But still, the backers of the bill are confident it will pass. And Bono has some important historical perspective on the issue; she was the chairwoman of the House Commerce, Manufacturing, and Trade Subcommitteem, and the chief author of a data breach bill that failed to pass during the most recent Congress.

"Just a handful of years ago, far fewer members were really interested in the topic or understood the severity of the threat," she said in an email. "Now every single member can probably speak to the problem of data security and probably have, at one point or another, discussed the threat with his or her businesses and constituents. It's no longer just a vague problem to any member but instead a real issue that needs to be addressed."

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.