FCC Chairwoman Jessica Rosenworcel Announces New Privacy and Data Protection Task Force; Elaborates on Data Privacy Priorities
Key Points
- The FCC has launched a new “Privacy and Data Protection” Task Force to coordinate rulemaking and enforcement across the agency.
- Chairwoman Rosenworcel called on her fellow Commissioners to finalize forfeiture orders and fines for carriers who sold customers’ geolocation data.
Background on the Task Force
On June 14, 2023, Federal Communications Commission (FCC or “Commission”) Chairwoman Jessica Rosenworcel announced the creation of a new Privacy and Data Protection Task Force, which will handle data breach investigations and enforcement as well as rulemaking, equipment authorization, reporting and issues related to undersea cables. Enforcement Bureau Chief Loyaan Egal will lead the group, which includes both technical and legal staff from across the agency. According to Chairwoman Rosenworcel, the Task Force will continue the effort to modernize existing data breach rules, which began with a Notice of Proposed Rulemaking (NPRM) released in January. The Task Force will also develop new rules to target SIM swapping fraud, follow up on the issue of wireless carriers’ geolocation data use and retention policies and support access to communications for domestic violence survivors under the Safe Connections Act. The Chairwoman suggested that the Commission draws its authority for this work from Section 222 of the Communications Act, which includes the statutory requirements for Consumer Proprietary Network Information, and Section 631, addressing cable subscriber privacy.
Chairwoman Rosenworcel’s Approach to Data Privacy
Chairwoman Rosenworcel announced the new Task Force at a Center for Democracy & Technology event on Data Privacy and the FCC. In her keynote, the Chairwoman identified three “forces” shaping the current digital world: 1) an “era of always-on connectivity” in which people cannot opt out of constant connectivity without “shutting [themselves] off from any shot at twenty-first century success;” 2) the “big business” of monetizing data; and 3) the increasing number of third parties with access to consumer communications data. She stated, “Dial a call, write an e-mail, make a purchase, update a profile, peruse a news site, store photographs in the cloud, and you should assume that service providers, advertising networks and companies specializing in analytics have access to your personal information. Lots of it. For a long time.” Her remarks seemed to indicate a deep distrust of companies in possession of consumer data and a strong appetite for action by the Commission.
In particular, Chairwoman Rosenworcel cited the example of wireless carriers selling real-time geolocation data to data aggregators who then sold it to other entities, a practice first revealed in the late 2010s. Notices of Apparent Liability (NALs) were issued to the carriers found engaging in this practice in 2020, but no further action was taken. The Chairwoman indicated that she has circulated new forfeiture orders to her colleagues, following up on the 2020 NALs, that call for fines in excess of the $200 million her predecessor proposed. She specifically called on her fellow Commissioners to finalize the fines and vote in favor of the forfeiture orders.
Takeaway
The creation of the Task Force and Chairwoman Rosenworcel’s accompanying speech suggest a renewed focus on data privacy at the Commission. We expect to see further activity in coming months, and will be closely watching for action on the pending data privacy NPRM. Further information on the Task Force and its jurisdiction can be found here.