House Republicans on Tuesday voted to dismantle federal privacy protections that would have prevented internet providers from selling a vast array of customers’ personal, private, and financial information without permission.
Senate Joint Resolution 34 (S.J. Res. 34), backed by Republican lawmakers, passed in a 215 to 205 vote, largely along party lines. The House vote follows last week’s 50-48 Senate vote passing the measure.
President Donald Trump is expected to sign the resolution into law, a move that aligns with his administration’s anti-regulation policies that largely favor business profits at the expense of consumer protections.
S.J. Res. 34 eliminates Federal Communications Commission (FCC) rules passed in October 2016 that forbid internet service providers (ISPs) from selling customer user data, including web browsing histories, app usage, Social Security numbers, health and financial information, children’s information, the contents of emails and online messages, and geolocation data. Eliminating the rules will allow ISPs to sell customer data without first receiving permission.
Were the FCC rules allowed to remain in place, they would have also required ISPs to inform consumers of data breaches, a protection eliminated by this resolution.
Congress passed the so-called “joint resolution of congressional disapproval” using the Congressional Review Act, a little-used law that allows Congress to overturn agency rules. Once Trump signs the legislation, it will make it impossible for the FCC to impose similar rules in the future.
Consumer privacy advocates argue the elimination of the FCC’s broadband rules, which were set to go into effect in December, subject customers to greater risk of identity theft, put internet users at the mercy of ISP business and cybersecurity practices, and overall further erode personal privacy in the digital era.
Opponents of the FCC privacy protections, led by Rep. Marsha Blackburn (R-Tenn.), argue that the rules are redundant and create confusion among consumers and business alike. They also argue that the rules increase costs and decrease product availability for customers. In practice, the rules primarily prevent ISPs from profiting off customer data in the same way Google and Facebook profit from user information.
While it is true that web companies, known in legislation as “edge providers,” are able to collect and sell user data, no single company has access to as much information as a person’s internet provider.
“What Congress is trying to do is roll back the rules that keep your internet provider—so this is, you know, Comcast, Verizon, AT&T, T-Mobile—keep them from doing this sort of basically snooping on your browsing history,” Jeremy Gillula of the Electronic Frontier Foundation told NPR. “And the major difference here is that your internet provider sees everything.”
Although there are steps internet users can take to prevent ISPs from accessing private information, the average web user likely cannot sufficiently protect their data to the degree the FCC rules would have provided.