‘Big Three’ Weigh in on Online Privacy: FTC, FCC and NTIA Testify at Privacy Hearing
Kelley Drye Client Advisory
July 19, 2011
On July 14, 2011, a joint House Energy and Commerce Subcommittee hearing focused on online privacy policy and perspectives of the ‘big three' federal agencies with potential jurisdiction over online privacy - the Federal Trade Commission (FTC), the Federal Communications Commission (FCC), and the National Telecommunications and Information Administration (NTIA). The hearing, Internet Privacy: The Views of the FTC, the FCC, and NTIA, offered a comprehensive review of the state of online consumer privacy and the appropriate industry and government response to developments in online behavioral advertising and tracking. The hearing comes on the heels of a flurry of online privacy and data security legislation introduced in recent weeks and months. Witnesses included FCC Chairman Julius Genachowski, FTC Commissioner Edith Ramirez and NTIA Administrator Lawrence E. Strickling. This advisory will highlight the major themes discussed at the hearing, which expanded the growing legislative record on online privacy and security.

The hearing was jointly sponsored by two House Energy and Commerce Subcommittees that have been active on online privacy and data security issues - Chairwoman Mary Bono Mack's (R-CA) Subcommittee on Commerce, Manufacturing and Trade and Chairman Greg Walden's (R-OR) Subcommittee on Communications and Technology. The hearing garnered considerable interest - members in attendance included Rep. Bono Mack, Rep. Walden, Rep. John Barrow (D-GA), Rep. G.K. Butterfield (D-NC), Rep. Bill Cassidy (R-LA), Rep. Anna Eshoo (D-CA), Rep. Edward Markey (D-MA), Rep. Doris Matsui (D-CA), Rep. Gregg Harper (R-MS), Rep. Bobby Rush (D-IL), Rep. Henry Waxman (D-CA), Rep. Lee Terry (D-NE), Rep. Cliff Stearns (R-FL), Rep. Marsha Blackburn (D-TN), Rep. Bob Latta (R-OH), Rep. Joe Barton (R-TX), Rep. Adam Kinzinger (R-IL), Rep. Pete Olson (R-TX), Rep. Jan Schakowsky (D-IL), and Fred Upton (R-MI).

Economic Impact of Privacy Regulation

One major concern voiced by members at the hearing was whether the FTC, FCC and NTIA and Congress are looking at the economic impact online privacy regulation will have on the internet marketplace and businesses. In particular, Rep. Walden and Rep. Bono Mack voiced concerns for what they termed "regulatory overreach." Rep. Blackburn noted the contribution of online advertising revenue to the online economy and U.S. economy overall and cautioned against stifling innovation, which was echoed by Rep. Kinzinger. Rep. Harper inquired as to whether the FTC and federal government should and will analyze the costs to businesses of online privacy regulation - Ramirez responded that the comments in response to the FTC's December 2011 privacy report provided an opportunity to address these concerns and that the FTC's Bureau of Economics is looking at the issue. Genachowski emphasized the contribution privacy has to the online economy by stimulating consumer trust.

Defining the Harm

Several members, including Rep. Bono Mack, Rep. Blackburn and Rep. Harper, questioned whether real harms caused by consumer online behavioral tracking had been identified and whether Congress was trying to legislate in search of a problem. Rep. Walden stated that at this point in time, it is not clear whether legislation is necessary. Rep. Harper in particular pressed Ramirez on whether the FTC had specific examples of harms to consumers, evidence and documentation, caused by online advertising and tracking. Ramirez responded that the FTC notes numerous public reports such as insurance companies using data aggregation as substitutes for underwriting analysis. Rep. Waxman also asserted that self-regulation is not working, noting a recent Stanford University study which found that many participants in the Network Advertising Initiative - a self-regulatory voluntary code of conduct - violated their own privacy policies by leaving tracking cookies in place despite consumer opt-out.

Agency Jurisdiction and Authority

The discussion also focused on agency existing authority over privacy and what roles the FCC, FTC and NTIA should play in privacy regulation and enforcement - highlighting a potential jurisdictional "turf war" between the FCC and FTC. Genachowski highlighted the FCC's existing jurisdiction through Sections 222, 338, and 631 of the Communications Act, which impose privacy requirements on telecommunications carriers, satellite and cable providers. Genachowski emphasized that the FCC already has authority to require wired and wireless telecommunications carriers to protect customer proprietary network information or CPNI - telephone billing information, numbers called, location, etc. Rep. Butterfield and Rep. Walden noted the broad authority over wireline and wireless Section 222 provides, including location based data but noted Section 222's limitations - applying only to carriers not device providers, operating systems or applications. In response to a question from Rep. Eshoo, Genachowski noted that Congress could clarify the Communications Act to update the network-oriented privacy regime in the digital age, such as CPNI in the context of VoIP services.

Genachowski and Ramirez disagreed over whether the FCC or FTC should have jurisdiction over telecommunications common carriers - an area traditionally under FCC jurisdiction - in protecting consumer privacy. Genachowski emphasized the FCC's experience regulating wireline and wireless services. Defining the jurisdictional roles of the FCC, FTC and NTIA will be a point of debate in potential online privacy policy.

Protecting Children

Several members emphasized the need to protect children's online privacy and reform the Children's Online Privacy Protection Act (COPPA), which they asserted is fast becoming outdated in the age of social networking and behavioral advertising. Rep. Eshoo noted that policymakers should start with protecting children online, which echoed comments made by Genachowski. Rep. Markey and Rep. Barton noted their Do Not Track Kids Act (H.R. 1895), emphasizing the need to amend COPPA given the explosion of the online ecosystem by obtaining parental consent and providing consumers with a "eraser button" to delete embarrassing data. In response to a question from Rep. Barton, the witnesses noted that neither the FTC nor FCC has a position on the Do Not Track Kids Act. Ramirez also noted that the FTC's highly-anticipated review of COPPA is ongoing but is expected to finish "shortly."

Data Security

Recent public outcry that News Corp reporters hacked into cell phones served as a backdrop for the hearing, emphasizing the importance of data security in the debate. Genachowski emphasized data security as a consensus-based component to data privacy, which Ramirez agreed with, and noted existing federal authority over these issues based on state and federal wiretap law. Ramirez noted that any data security legislation should include rulemaking authority for the FTC. In response to a question from Rep. Waxman, Genachowski and Ramirez generally supported, or at least did not oppose, expanding data protections to include ISP addresses, social networking usernames and passwords, health information, race, ethnicity, sexual orientation, mother's maiden name, financial information, geolocation information and biometric data. Most notably, Rep. Waxman announced at the hearing that there would soon be a mark-up on a yet-to-be-introduced data security bill.

Social Networking

Rep. Barton and Rep. Blackburn pressed the FTC in particular on whether the FTC was investigating recently released Google+, a social networking platform similar to the controversial Google Buzz, as well as the Facebook facial recognition platform. Ramirez would not comment on specifics but did note that the FTC was looking at the social networking arena. Rep. Barton voiced concern that - with the quick rollout of Google+ - Google did not learn its lesson from Google Buzz and inquired on ways to force companies to change their practices. Ramirez noted that the investigation closed, highlighting the limits of FTC investigative authority.


As Rep. Bono Mack noted, the hearing represents the first in a series of hearings that are planned in the House Energy and Commerce Committee on data privacy and security. The hearing comes on the heels of numerous privacy and data security bills introduced in the past several weeks and months, including Rep. Cliff Stearn's (R-FL) and Rep. Jim Matheson's (D-UT) Consumer Privacy Protection Act of 2011 as well as a slew of data security bills. It is clear there are still a number of issues to be ironed-out that were addressed at the hearing - the economic impact of regulation, agency jurisdictional authority, whether legislation or self-regulation is the appropriate response. It also is clear from the hearing that the FCC, FTC and NTIA, will continue to play a role in the ongoing policy debate. Online consumer privacy and data security continues to garner considerable interest on Capitol Hill.

Kelley Drye & Warren LLP

Kelley Drye & Warren's Privacy and Information Security practice is a leader in advising clients on privacy and information security issues and has been at the forefront of developments in this growing area of the law. Our attorneys regularly counsel clients regarding all aspects of privacy and data security compliance, including drafting and amending privacy and information security policies, advising clients on interpreting their own policies, crafting data security programs for clients, performing privacy and/or data security audits of existing business practices, drafting agreements with third parties regarding their obligations in connection with handling clients' customer data, and representing clients in connection with federal and state regulator privacy investigations regarding their privacy and data security practices.

Kelley Drye's Government Relations and Public Policy Practice Group helps clients interpret and shape governing laws, enabling them to achieve and maintain market leadership. The varied backgrounds of its government relations lawyers and professionals enable the team to handle a variety of clients needs including representation and strategic planning.

For more information about this advisory, contact:

Dana B. Rosenfeld
(202) 342-8588

John J. Heitmann
(202) 342-8544

Alysa Zeltzer Hutnik
(202) 342-8603