January 22, 2010
Before the Federal Communications Commission
In the Matter of Comments Sought on Privacy Issues
Raised by the Center for Democracy and Technology
Comments of NetChoice—NBP Public Notice # 29
NetChoice hereby files these comments in response to the Commission’s Request for Comments, GN Docket Nos. 09-47, 09-51, and 09-137.
NetChoice is a national coalition of online businesses and trade associations who share the goal of promoting choice, commerce and convenience on the Internet. Our members include the nation’s leading platforms for Internet communities and e-commerce, along with several thousand small online businesses. NetChoice works in Washington, D.C. and in many state capitals to oppose regulatory barriers to online services. At the same time, we advocate for aggressive enforcement and new regulations against fraud and deception that undermine consumer trust and confidence in online information and commerce.
Our members rely on increased broadband access, uptake, and speeds to further grow their user base. In this regard, we are keenly interested in the Commission’s development of a National Broadband Plan. Additionally, our members are also invested in protecting the privacy of their customers. We rely on our users to provide traffic to—and often the content of—our websites. Consumer expectations and trust are thus the primary consideration for our privacy policies and practices, whether our users connect to our sites using broadband, wireless or dial-up technologies.
The exchange of data between and among users and online services creates valuable opportunities for socially beneficial business models. We are now witnessing explosive growth in online services, where users can post their own content and participate in online communities, forums, and blogs. The services and platforms that make “Web 2.0” possible invest heavily in software development, servers and storage, and high-speed bandwidth. In addition, these services must expand their customer support and legal teams to respond to complaints when user-generated content crosses the line of acceptable behavior.
The majority of online services and platforms rely almost entirely on advertising revenue to pay for their investments. Ad-based sites are often viewed as being “free”—and while consumers can access content at no charge, there are real costs that must be covered by advertisers. The information consumers provide, often by registering with the online service, allows content providers to deliver advertisements that are tailored to the interests of their users. This makes advertising much more effective.
This process of collecting and using consumer information is subject to existing regulatory oversight. Online businesses that collect consumer information are subject to a number of state and federal laws. Almost every state has a data security law that requires the safeguarding of information and notice to consumers when a breach occurs. In addition, the Federal Trade Commission (FTC) imposes penalties against companies that engage in unfair or deceptive trade practices.
Indeed, the FTC has already established subject matter jurisdiction on Internet-related privacy issues. It initiates actions against companies that deviate from the privacy promises in their website privacy policies. It has reviewed behavioral advertising practices on several occasions and, in February of last year, the FTC’s staff issued “Self-Regulatory Principles for Online Behavioral Advertising.” Top-level FTC officials have made public statements on privacy and the Internet, most recently in a New York Times interview that signaled potential regulatory proposals. Moreover, the FTC administers the Children’s Online Privacy Protection Act (COPPA) to regulate information collection from children under the age of 13—which is also undergoing expedited review this year.
The FTC also is currently hosting a series of privacy roundtables “to explore the privacy challenges posed by the vast array of 21st century technology and business practices that collect and use consumer data. Such practices include social networking, cloud computing, online behavioral advertising, mobile marketing, and the collection and use of information by retailers, data brokers, third-party applications, and other diverse businesses.”  The FTC describes its goal of the roundtable series “to determine how best to protect consumer privacy while supporting beneficial uses of the information and technological innovation.”
At the same time, Congress has clearly and narrowly delineated the role of the FCC in regulating the way carriers collect and maintain subscriber information. It would be an unjustified expansion of the FCC’s authority to regulate what information flows over a network. Privacy issues on the Internet are independent of the pipes used to transmit information. We therefore disagree with the premise of the letter filed with the Commission by the Center for Democracy and Technology (CDT)—that broadband connections create distinct privacy concerns.
Instead, data collection and use occurs at the ends of a network. Consumers provide data through browsers and set application privacy settings on their computer. Web applications reside on servers and they collect and receive data from users in certain ways that are programmed within the application. The privacy policies of the ends (consumers and online services) are not defined by the middle (the speed of the communications pipe).
We believe that the agency that handles trade-related matters—the FTC—is the appropriate agency for privacy-related issues. As noted above, it has traditionally exercised jurisdiction over privacy matters under its authority to regulate unfair and deceptive practices. Implicitly, the CDT letter recognizes that privacy is more of a trade practice and not a broadband technology practice. The letter mentions “broadband” only twice within the four subject areas that make up the core focus for comments—and only in the description paragraph, not the questions themselves.
Because it duplicates ongoing work in other government venues, we believe that the CDT letter is more appropriately addressed elsewhere. The Commission has a full-slate of issues already under its purview and it is unfair to expect it to tackle every issue under the broadband sun, particularly those that are merely ancillary to Internet broadband communications.
NetChoice will continue to engage on privacy matters at the state and federal level. Privacy is an important issue not because it is specific to broadband; rather, because privacy is a consumer-driven expectation that must be met regardless of transmission technology.
1401 K St NW, Suite 502
Washington, DC 20005
 Stephanie Clifford, “F.T.C.: Has Internet Gone Beyond Privacy Policies?”, Jan 11, 2010, available at http://mediadecoder.blogs.nytimes.com/2010/01/11/ftc-has-internet-gone-beyond-privacy-policies/?scp=2&sq=ftc&st=cse
 See 47 U.S.C. § 222 (providing authority for the FCC to regulate the privacy of consumer information maintained by telecommunications carriers whether by wireline, wireless or VoIP); 47 U.S.C. § 551 (providing authority for the FCC to regulate consumer information maintained by cable operators to protect subscriber privacy); 47 U.S.C. § 338(i) (providing authority for the FCC to protect the privacy of Direct Broadcast Satellite subscribers).
 See Attachment: Center for Democracy and Technology Letter, Filed January 11, 2009.