October 12, 2018 by Tom Cohen

Are You Paying Attention to Privacy and Data Security Regulations?


The business model for most Internet firms is driven or augmented by collecting and using information from consumers who access their websites and applications. This model too has benefitted Internet users who have grown accustomed to accessing valuable services without making a “cash” payment – we need only view commercial advertisements or provide some innocent looking personal information. But, this powerful online commerce engine is becoming more controversial as consumers question whether they either are losing control of their information or are not being fairly compensated for its use. In addition, antitrust officials question whether these data collection practices limit competition or allow hackers to steal treasure troves of personal information from online databases.

The European Union addressed some of these concerns by adopting its General Privacy Data Regulation (GPDR), a highly prescriptive approach to data privacy that took effect in May and applies to firms doing business with EU consumers. This past summer, California also enacted another highly prescriptive set of privacy requirements that applies to firms doing business in that state beginning in 2020. Now, Washington policymakers are beginning to weigh in to see if they can develop and enact a federal privacy law – one that would strike a better balance between the interests of businesses and consumers than the EU or California requirements, and that would create a set of competitively and technology-neutral requirements that would apply uniformly across the country. This will be a heavy lift, but the work has already begun.

Earlier this summer, the Federal Trade Commission (FTC), which is the lead federal agency overseeing privacy in the Internet ecosystem, launched a general review of its privacy policies and will issue a report early next year. (The FTC also is in the middle of reviewing recent privacy problems with Facebook and Google and may amend the consent decrees it has with these firms.) In addition, the Senate Commerce Committee is holding hearings on privacy issues as the Committee considers drafting legislation. And, the Administration has initiated its own privacy policy review with the intention of drafting legislation that would be introduced next year. Most recently, the National Telecommunications and Information Administration issued a notice outlining potential privacy policy approaches, and comments on the notice are due on October 26.

As you can see, there is much discussion and potential action on privacy to come. All of these laws, regulations, and enforcement actions will affect how Internet Service Providers and other Internet-based firms do business – hopefully enabling the development of new services while addressing the concerns of consumers. So, it is important to pay attention as the federal effort continues.

Want to learn more? We are going to discuss this privacy debate and other public policy issues at the upcoming 2018 Calix ConneXions Innovation and User Conference. We look forward to seeing and talking to you.