Republican senators yesterday introduced legislation that would overturn new privacy rules for Internet service providers. If the Federal Communications Commission rules are eliminated, ISPs would not have to get consumers' explicit consent before selling or sharing Web browsing data and other private information with advertisers and other third parties.

As expected, Sen. Jeff Flake (R-Ariz.) and 23 Republican co-sponsors introduced the resolution yesterday. The measure would use lawmakers' power under the Congressional Review Act to ensure that the FCC rulemaking "shall have no force or effect." The resolution would also prevent the FCC from issuing similar regulations in the future.

Flake's announcement said he's trying to "protect consumers from overreaching Internet regulation." Flake also said that the resolution "empowers consumers to make informed choices on if and how their data can be shared," but he did not explain how it will achieve that.

Flake called the FCC's privacy rulemaking "midnight regulation," even though it was approved by the commission in October 2016, before the presidential election, after a months-long rulemaking process.

“The FCC's midnight regulation does nothing to protect consumer privacy," Flake said. "It is unnecessary, confusing, and adds yet another innovation-stifling regulation to the Internet." Flake's announcement also said that the FCC-imposed "restrictions have the potential to negatively impact consumers and the future of Internet innovation."

Opt-in rule and other requirements

The privacy order had several major components. The requirement to get the opt-in consent of consumers before sharing information covered geo-location data, financial and health information, children’s information, Social Security numbers, Web browsing history, app usage history, and the content of communications. This requirement is supposed to take effect on December 4, 2017.

The rulemaking had a data security component that required ISPs to take "reasonable" steps to protect customers' information from theft and data breaches. This was supposed to take effect on March 2, but the FCC under newly appointed Chairman Ajit Pai halted the rule's implementation. Another set of requirements related to data breach notifications is scheduled to take effect on June 2.

Flake's resolution would prevent all of those requirements from being implemented. He said that this "is the first step toward restoring the [Federal Trade Commission's] light-touch, consumer-friendly approach." Giving the FTC authority over Internet service providers would require further FCC or Congressional action because the FTC is not allowed to regulate common carriers, a designation currently applied to ISPs.

Flake's co-sponsors are US Sens. John Barrasso (R-Wyo.), Roy Blunt (R-Mo.), John Boozman (R-Ark.), Shelly Moore Capito (R-W.Va.), Thad Cochran (R-Miss.), John Cornyn (R-Texas), Tom Cotton (R-Ark.), Ted Cruz (R-Texas), Deb Fischer (R-Neb.), Orrin Hatch (R-Utah), Dean Heller (R-Nev.), James Inhofe (R-Okla.), Ron Johnson (R-Wisc.), Mike Lee (R-Utah), Rand Paul (R-Ky.), Pat Roberts (R-Kan.), Marco Rubio (R-Fla.), Richard Shelby (R-Ala.), Dan Sullivan (R-Ark.), John Thune (R-S.D.), Roger Wicker (R-Miss.), Ron Johnson (R-Wisc.), and Jerry Moran (R-Kan.).

Democratic senators support privacy rules

US Sen. Brian Schatz (D-Hawaii) blasted Flake's proposal.

“If this [resolution] is passed, neither the FCC nor the FTC will have clear authority when it comes to how Internet service providers protect consumers’ data privacy and security," Schatz said in a statement issued yesterday. "Regardless of politics, allowing ISPs to operate in a rule-free zone without any government oversight is reckless."

Sen. Edward Markey (D-Mass.) offered similar criticism. "Big broadband barons and their Republican allies want to turn the telecommunications marketplace into a Wild West where consumers are held captive with no defense against abusive invasions of their privacy by internet service providers,” Markey said. "Consumers will have no ability to stop Internet service providers from invading their privacy and selling sensitive information about their health, finances, and children to advertisers, insurers, data brokers or others who can profit off of this personal information, all without their affirmative consent."