The U.S. Senate voted Thursday to eliminate privacy rules that would have prevented internet service providers from collecting and selling sensitive user information from customers without first receiving permission.
The vote to remove the Broadband Consumer Privacy Rules using the Congressional Review Act (CRA) passed on a 50-48 vote that fell primarily on party lines.
Republican Senator Jeff Flake of Arizona originally suggested removing the Broadband Consumer Privacy Rules using the CRA last month. The CRA not only reverses the rules, but also dictates the agency behind the policy cannot re-introduce the rules.
Open internet advocacy group Access Now condemned Thursday’s vote. “This resolution is a vote for big corporate profits over the rights and civil liberties of average people,” Nathan White, senior legislative manager at Access Now, said in a statement provided to International Business Times. “The House of Representatives must now stand up for consumers and against the CRA resolution to throw away internet privacy protections.”
Dallas Harris, policy fellow at Public Knowledge, said, "This vote is a clear sign that American interests come second to those of broadband providers. In a world where everything is increasingly digital, now there will be no rules preventing ISPs from selling your web browsing history without your permission—covering everything from the apps you use to your smart home devices."
Introduced last October by the Federal Communications Commission, the Broadband Consumer Privacy Rules were designed to provide consumers with more control over their data. The policy would have required internet service providers to ask for permission before collecting sensitive information from customers.
Sensitive information was defined by the policy as any data related to a user’s finances, health, information from children, precise geolocation data, web browsing history and app usage history. It also included prohibited extracting any content from unencrypted messages accessible to ISPs.
Information not considered to be sensitive could be collected by default, but internet service providers were required to offer customers the ability to opt out of the collection practices.
The Broadband Consumer Privacy Rules also would have enforced new requirements for ISPs to report data breaches that may have harmed customers or put their data at risk. The rules mandated ISPs inform users of a data breach within 30 days of identifying it, and required the carriers to alert the FBI of within seven days.
The rules requiring improved data security practices was the first part of the rules set to go into effect, and would have been implemented in March. Ajit Pai, Donald Trump's appointment to FCC chairman, opted to place a stay on the rules.
The data collection protections weren’t set to go into action until December 2017.
Internet service providers and advertising firms lobbied in favor of eliminating the rule prior to the vote. ISPs argued browsing and app usage data should not be considered sensitive information, while advertising groups stated their belief that self-regulation from the industry is good enough to protect user privacy without government regulation.
In a joint statement, FCC commissioner Mignon Clyburn and FTC commissioner Terrell McSweeny condemned the vote, arguing that the reversal of the protections will "frustrate the FCC’s future efforts to protect the privacy of voice and broadband customers."
"It also creates a massive gap in consumer protection law as broadband and cable companies now have no discernible privacy requirements," the commissioners said.