New House Bill Targets Service Providers and Tech Giants, Aims to Give Consumers More Control Over Their Data
Bradley Clark*
Representative Marsha Blackburn of Tennessee introduced a new data privacy bill to the House of Representatives on May 18, 2017. BROWSER Act of 2017, H.R. 2520, 115th Cong. (2017). The bill, titled “Balancing the Rights [o]f Web Surfers Equally and Responsibly Act of 2017” or simply the “BROWSER Act of 2017,” aims to give consumers more control over their personal data by allowing them to “opt-in or opt-out . . . with respect to the use of, disclosure of, and access to user information collected” by internet service providers and other tech firms. Id.
If enacted, the proposed BROWSER Act would require companies covered by the statute to provide users with “clear and conspicuous” notice of the privacy policies connected with the service or services the user is attempting to receive, and would also prohibit companies from denying covered services to users that choose to opt-out. Id. §§ 2(a), 4(2). Whether the bill applies to a given company depends on whether that company is providing a “covered service” to its users. See id. § 2(a). “Covered services” are broken down further into two categories. Id. § 6(1)(B)(3). First, a company that provides “broadband internet access service” is providing a covered service. Id. § 6(1)(B)(3)(A). The bill would also apply to a company that provides “edge service[s],” which are defined as services:
(A) . . . provided over the internet––
(i) for which the provider requires the user to subscribe or establish an account in order to use the service;
(ii) that the user purchases from the provider of the service without a subscription or account;
(iii) by which a program searches for and identifies items in a database that correspond to keywords or characters specified by the user, used especially for finding particular sites on the World Wide Web; or
(iv) by which the user divulges sensitive user information; and
(B) includes a service described in subparagraph A that is provided through a software program, including a mobile application.
Id. § 6(1)(B)(4). Section 7 would prevent both states and the Federal Communications Commission (FCC) from enacting laws or regulations related to the privacy of user information that would regulate providers of covered services as defined by the bill. See id. § 7.
The inclusion of edge service providers gives the new bill an incredibly long reach. For example, subsection (i) of the above definition can be read to include almost any news website or blog. See § 6(1)(B)(4)(A)(i). Subsection (iii) certainly includes search engine giants like Google and Bing, but also likely covers many shopping websites by including language regarding searching for and identifying “items in a database.” Id. § 6(1)(B)(4)(A)(iii). The inclusion of edge service providers puts the new bill in contrast to an FCC regulation that was repealed earlier in 2017 by President Donald Trump. Cf. Steve Lohr, Trump Completes Repeal of Online Privacy Protections from Obama Era, N. Y. Times (Apr. 3, 2017), https://www.nytimes.com/2017/04/03/technology/trump-repeal-online-privacy-protections.html (giving a brief summary of the FCC regulation’s purpose and indicating that the regulation covered broadband service providers, but not “internet companies” like Amazon and Google). That failed regulation would only have applied to telecommunications carriers and interconnected Voice over Internet Protocol (VoIP) providers. See Fed. Commc’ns Comm’n, Protecting the Privacy of Customers of Broadband and Other Telecommunications Services 15 (2016), https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-148A1.pdf. The failed FCC regulation’s limited scope was a main point of contention for its detractors, including Representative Blackburn. Tony Romm, A New Privacy Bill in Congress Has Some Companies Preparing for a Long Political Fight, Recode (May 24, 2017, 2:10 PM), https://www.recode.net/2017/5/24/15685870/new-republican-privacy-bill-tech-telecom-lobbying-fcc-congress. According to Blackburn, the new proposed legislation will move the government “to a posture where we have one regulator, one set of rules [and] everybody knows who’s in charge.” Id.
The BROWSER Act is not without its detractors, however. The Internet Association, a lobbying group representing internet giants such as Amazon, Google, and Facebook, says that the new bill would “upend the consumer experience online and stifle innovation.” Jon Fingas, Congressional Internet Privacy Bill Would Counter FCC Rollbacks, Engadget (May 24, 2017), https://www.engadget.com/2017/05/24/browser-act/. The Interactive Advertising Bureau, a lobbying group for the advertising industry, has also criticized the BROWSER Act, saying that it “could significantly impact much of the trillion dollars in GDP [that] the ad-supported internet generates, taking millions of jobs along with it.” Romm, supra. The bill has also garnered the ire of the American Civil Liberties Union (ACLU). See Fingas, supra. The ACLU argues that the new bill is not comprehensive enough, and that a full replacement of the failed FCC regulation would have been a better alternative. See id. Neema Singh Guliani—the ACLU’s legislative counsel—did say, however, that “in concept, the idea that there should be stronger privacy standards for edge providers and internet service providers is right,” indicating that the group may be receptive to a stronger version of the bill, or to a new bill that builds on the principles laid out in the BROWSER Act. Romm, supra.
The fate of the BROWSER Act is largely political. The bill likely faces an uphill battle, with tech firms, advertising firms, and their respective lobbyists openly opposing it, the ACLU and consumer advocacy groups expressing trepidation, and broadband providers such as Comcast and Verizon remaining largely silent. Romm, supra. The bill was referred to the House Subcommittee on Digital Commerce and Consumer Protection on May 19, 2017. H.R. 2520 – BROWSER Act of 2017, Congress.gov, https://www.congress.gov/bill/115th-congress/house-bill/2520/cosponsors?q=%7B%22search%22%3A%5B%22data+privacy%22%5D%7D&r=37 (last visited Oct. 25, 2017). Since then, the BROWSER Act received its first Democratic cosponsor, Representative Daniel Lipinski of Illinois, on July 27, 2017, which should be seen as a positive development for individuals and groups hoping to see the bill become law. Id. Regardless of whether it passes, however, the existence of the BROWSER Act and the debate surrounding it indicate that regulation of the collection, storage, sharing, and sale of consumer data will continue to be an important topic to consumer groups, industry players, and politicians on both sides of the aisle for the foreseeable future.
*Bradley Clark is a second-year evening student at the University of Baltimore School of Law, where he serves as a staff editor on Law Review. During the day, Brad serves as an in-house legal assistant at a major apparel brand where he handles retail and commercial lease agreements throughout the world.
University of Baltimore Law Review 