In the last week, the Federal Communications Commission (FCC) has taken several steps to signal a more assertive and aggressive role for that agency on privacy, data protection and cybersecurity issues.
First, The FCC announced on June 14, 2023, the creation of a Privacy and Data Protection Task Force that will coordinate across the FCC on rulemaking, enforcement and other proceedings impacting privacy and data protection. Among the issues that the Task Force will focus on are data breaches by telecommunications providers and vulnerabilities involving third-party vendors servicing telecommunications providers. FCC Chairwoman Jessica Rosenworcel noted that the Task Force, which the Chief of the Enforcement Bureau will lead, will play a prominent role in the agency’s effort to modernize its data breach rules and new rules to crack down on SIM-swapping fraud.
The Task Force is also expected to investigate further how mobile carriers use and store their customer’s geolocation data. That issue has some history before the FCC. In 2020, the FCC proposed fines against four mobile service carriers in the U.S. (AT&T, Sprint, T-Mobile and Verizon) for purportedly selling customer geolocation data to third parties without customer consent and without taking reasonable measures to protect against unauthorized access. According to the FCC, these carriers had been selling customer geolocation data to third-party location information aggregators, which then resold access to third-party location-based service providers or third-party intermediary companies (which then resold access to the information to location-based service providers). Two years later, Chairwoman Rosenworcel sent letters to the major mobile providers regarding their data retention and privacy policies and practices. After receiving their responses, which the Chairwoman published, she instructed the FCC’s Enforcement Bureau “to launch a new investigation into mobile carriers’ compliance with FCC rules that require carriers to fully disclose to consumers how they are using and sharing geolocation data.” In announcing the new Task Force, Chairwoman Rosenworcel also announced she was sharing a proposed enforcement action against two companies and the implementation of the fines proposed against the mobile carriers in 2020.
Second, the FCC announced on June 16, 2023 that it would hold a public workshop on July 31, 2023 “to explore the latest solutions, countermeasures, and opportunities for coordination to improve the security of the Border Gateway Protocol (BGP), which is central to the Internet’s global routing system.” The workshop builds on a Notice of Inquiry that the Commission initiated in 2022 “to better understand the security vulnerabilities within” the BGP and “how best to reduce these risks.” The FCC’s Public Notice of the workshop notes the “critical importance of addressing” these risks in light of potential for “consumer harm posed by unsecured internet routing.” These can include “hijacks” which can “expose consumer’s personal information, enable theft, extortion and state-level espionage, and disrupt otherwise-secure transactions.” The FCC notes that it has “urged the communications sector to defend against cyber threats, while also taking measures to…strengthen the cybersecurity of vital communications services and infrastructure.”
Third, on June 15, 2023, the FCC announced that Chairwoman Rosenworcel had proposed to her fellow Commissioners a formal Notice of Inquiry to “learn more about how broadband providers use data caps on consumer plans.” The agency wants to “better understand the current state of data caps, their impact on consumers, and whether the Commission should consider taking action to ensure that [they]…do not cause harm to competition or consumers’ access to broadband services.” The FCC has created a portal for consumers to input their experiences with such caps.
These actions reflect the FCC’s focus on protecting the privacy of consumer information, ensuring the security of the broadband networks that consumers increasingly rely on and understanding potential impacts on access to those networks from usage limitations. Under its current leadership it is not unreasonable to expect such initiatives will continue.
Disclaimer: While every effort has been made to ensure that the information contained in this article is accurate, neither its authors nor Squire Patton Boggs accepts responsibility for any errors or omissions. The content of this article is for general information only, and is not intended to constitute or be relied upon as legal advice.