FCC Will Investigate Data Caps and Data Privacy

By: Andy Regitsky

While waiting for Congress to approve a fifth commissioner, the FCC has decided to wade into the controversial areas of customer data caps and data privacy issues. Both subjects have generated thousands of customer complaints over the years and have never been adequately addressed by the Commission. It now plans on taking them both head on.

Data Caps

On June 15, 2023, FCC Chairwoman Jessica Rosenworcel announced the Commission would initiate a Notice of Inquiry (NOI) to learn more about how broadband providers use data caps on consumer plans:

Data caps, or usage limits, are a common practice where an internet service provider (ISP) restricts how much bandwidth or data a consumer uses, though many broadband ISPs temporarily or permanently refrained from enforcing or imposing data caps in response to the COVID-19 pandemic. In particular, the agency would like to better understand the current state of data caps, their impact on consumers, and whether the Commission should consider taking action to ensure that data caps do not cause harm to competition or consumers’ ability to access broadband Internet services.

(FCC New Release, June 15, 2023).

Specifically, the NOI would:

  • Seek comment to better understand why the use of data caps continues to persist despite increased broadband needs of consumers and providers demonstrated technical ability to offer unlimited data plans;
  • Seek comment on current trends in consumer data usage;
  • Seek comment on the impact of data caps on consumers, consumers’ experience with data caps, how consumers are informed about data caps on service offerings, and how data caps impact competition;
  • Ask about the Commission’s legal authority to take action regarding data caps.

In addition to the proposed Notice of Inquiry, the FCC has opened a new portal for consumers to share how data caps have affected them. No doubt, this will lead to a variety of complaints against ISPs, some fair, but many unfair. Almost surely, many of the complaints will be the result of customers failing to read or understand their contracts. Let’s hope that no onerous regulations on ISPs result from this NOI, but I am not hopeful.

Data Privacy

In a June 14, 2023, speech to the Center for Democracy and Technology, Chairwoman Rosenworcel noted the three forces she believes are in play in today’s digital world:

First, we live in an era of always-on connectivity. Connection is no longer just convenient. It fuels every aspect of modern civic and commercial life. Sitting outside this connectivity means shutting yourself off from any shot at 21st century success. But too often this always-on connectivity—which has brought so many benefits—can mean a sacrifice of our privacy.

Second, the monetization of data is big business. The cost of data storage has declined dramatically. The market incentives to keep our data and slice and dice it to inform commercial activity are enormous—and they are only growing.

Third, more money means more players. It used to be that in communications the relationship was primarily between a customer and his or her service provider. But the number of third parties participating in our digital age connections has multiplied exponentially. Dial a call, write an e-mail, make a purchase, update a profile, peruse a news site, store photographs in the cloud, and you should assume that service providers, advertising networks, and companies specializing in analytics have access to your personal information. Lots of it. For a long time.

(Rosenwocel June 14, 2023)

Based on these three forces, Rosenworcel provides examples of abuse of customer data, such as “the country’s largest wireless carriers selling real-time location information— where we are with our phones and when—to data aggregators,” breeches of customer data and sim-swapping schemes. In response, the agency will use its authority under sections 222 and 631 of the Telecommunications Act to create a Privacy and Data Protection Task Force, which will do the following:

  • Begin an effort to modernize the FCC’s data breach rules;
  • Develop rules to stop sim-swapping fraud;
  • Play a role in to aid in the implementation of the Safe Connections Act. This was a law passed last year to help support access to communications for survivors of domestic violence;
  • Look at the data amassed last year when Rosenworcel wrote to the 15 largest mobile carriers seeking information about their geolocation data retention and privacy practices.

During her speech, Rosenworcel announced enforcement action against two companies for illegally selling customer geolocation data. She suggests that the industry should understand that the Commission is taking data privacy issues very seriously and the Task Force will have a lot of power.

Providers should recognize that these investigations are the tip of the iceberg. Once the fifth commissioner is on board, the Commission is likely to launch many new investigations, resulting in many new regulations.