FCC Chief Highlights Enforcement Activity as Lawmakers Advance Privacy Legislation

With letters of inquiry out probing the nation’s top mobile internet providers’ privacy practices, the head of the Federal Communications Commission is flexing its powers just as members of Congress look to terminate them via the American Data Privacy and Protection Act.

“This latest FCC probe is consistent with previous agency action to protect consumers’ location-based data,” reads a press release the commission issued Wednesday, flagging the letters Chairwoman Jessica Rosenworcel sent to 15 companies. The companies must respond by Aug. 3 to detailed questions about their data collection and management practices, according to the release, which noted that previous such inquiries were followed by financial penalties.

“In February 2020, the Federal Communications Commission held the nation’s four largest wireless carriers responsible for more than $200 million in fines for selling access to their customers’ location information without taking reasonable measures to protect against unauthorized access to that information,” the release said. “Through its continued oversight, the FCC has ensured that these carriers are no longer monetizing their consumers' real-time location in this way, and the agency is continuing its investigation into these practices.”

In issuing those fines, the commission cited its authority under Section 222 of the Communications Act for “Customer Proprietary Network Information,” or CPNI. 

“Mobile internet service providers are uniquely situated to capture a trove of data about their own subscribers, including the subscriber’s actual identity and personal characteristics, geolocation data, app usage, and web browsing data and habits,” Rosenworcel wrote to leaders of the companies.

Bipartisan legislation that the House Energy and Commerce Committee cleared Wednesday would void the FCC’s ability to exercise Section 222, and other chunks of its authority, against entities covered by the bill, with a specific mention of common carriers and non profits. It includes language expressly turning jurisdiction of those entities’ privacy management over to the Federal Trade Commission.

Despite the bill’s advance out of the committee, lawmakers on both sides of the aisle expressed various concerns, reserving their right to reject it if those aren’t addressed before a floor vote. The bill also lacks key support in the Senate. 

The committee also favorably reported the RANSOMWARE Act, which would require the FTC to report to Congress on data from requests it receives from foreign governments investigating such cyber crimes.