In aftermath of FCC privacy rules repeal, uncertainty, ironies abound

Rollback of FCC privacy rules on selling personal data is seen as a boon for ISPs and a blow to privacy rights. But the issue is complicated. What are the implications for CIOs?

This week, the U.S. House of Representatives voted along party lines to repeal FCC privacy rules that required broadband carriers, such as AT&T, Verizon and Comcast, to get permission from customers before selling their web-browsing and app history to third parties.

Reaction to the legislative decision, which President Donald Trump is expected to sign, was in many ways as polarized as the vote. Opponents generally viewed the decision as a crushing blow for data privacy rights, making an already unfair bargain between consumers and the companies that leverage their personal data even worse. Advocates saw it as a much-needed correction of government overreach: They argued the decision put the FCC-regulated broadband carriers on the same footing as internet giants like Google and Facebook, which, regulated by the Federal Trade Commission (FTC), have made billions of dollars in targeted advertising revenue by mining their users' online habits.

But the issue of how companies track and make money from an individual's digital reality is far from black and white, said data privacy experts we interviewed, beginning with the fact that this week's decision to ease the Federal Communications Commission (FCC) privacy rules for internet service providers (ISPs) did not technically change the status quo. The Barack Obama-era regulations, adopted in October, were not slated to go into effect until the end of the year.

"From the perspective of the broadband carriers, it continues to be potentially business as usual for them," said Heidi Shey, a data security and privacy analyst at Forrester Research. (For two in-depth analyses of the vote, see Brian Fung's piece in The Washington Post and a report by Jeff Dunn of Business Insider.)

Sorting out the short- and long-term implications of the ruling, however, is another matter, Shey and others said. While the ruling appears to give broadband carriers a clear green light on monetizing consumer data, it creates a tremendous amount of uncertainty for businesses: How consumer attitudes on data privacy will change in the wake of this week's headlines, or how the European Union and other nations with stricter data privacy laws will respond -- or even how the FCC and FTC will carve out their roles in protecting data privacy rights -- all are up in the air, they said.

'Extraordinarily fluid environment'

"Going forward, perception matters," Shey said, adding she believes companies should expect this week's news to raise consumer awareness about the value of their data. "We can't unsee what we've seen about the data practices and amount of data being collected. I don't think consumers will tolerate what they perceive as shady or negligent data practices."

Shey said she believes the rollback has "pretty big implications" for companies. "They're not the broadband provider, they're not the ISP, but they sell to these same consumers. So, concepts around protecting data, data security, good data practices -- these are all practices that are going to become much more critical now, because there is much greater awareness of what could go wrong," she said.

Rather than see the heightened awareness as a threat, however, companies should be "thinking through what it is they're doing with data collection, protection, and use and see how that can be a business differentiator for them at a time when this is an issue that is getting blown up pretty big," she said.

Matt Stamper, an analyst who covers security and privacy compliance for Gartner, said he doesn't know how the regulation and monetization of consumer data will ultimately play out.

"I think we're in an extraordinarily fluid environment. If I'm an IT leader today, a CIO or CISO, or business leader, it is a very noisy world out there right now," he said. He's not as convinced as Shey that consumers have much leverage in negotiating data privacy rights -- or even want to lobby for them, especially if that results in carriers reintroducing pay-for-privacy fee structures.

Like Shey, he said he does see some perhaps unforeseen consequences of the rollback of the FCC privacy rules. While viewed as a business-friendly action, he said the ruling may paradoxically hinder U.S. companies from doing business in countries where data privacy is considered a right and companies are required to give notice of what they're collecting and for what purpose. "We may be facing a scenario where you have proverbial islands of data -- a kind of protectionism related to privacy data."

In the meantime, Stamper recommended CIOs and CISOs work closely with their privacy experts and general counsel in developing what he described as an "intimate knowledge" of their data practices. "The upshot is about going back to the basics: knowing the type of data the organization collects, how it is used internally and to the extent that there is sharing of that information -- in privacy, what is known as 'onward transfer' -- knowing that data is appropriately protected," he said.

Good profiteering -- and bad

Those are just the short-term implications. In the long term, actions like the rollback of FCC  privacy rules raise bigger questions about the values of a data economy, contended Steve Wilson, principal analyst at Constellation Research: Namely, how do we determine the fair value for what is after all the fuel of the current Industrial Revolution -- information?

"We see this as the black gold rush of 150 years ago, when oil companies were barging onto people's land and taking this resource until people said this is not fair," said Wilson, who focuses on digital identity and privacy issues pertaining to CIOs and CISOs.

"We think data is so much more valuable than crude oil -- so much more valuable than most any other resource -- that it is inevitable society is going to ask for a different sort of balance," he said.

That is not to say the broadband carriers and information companies don't have every right to make money from the valuable services they provide, Wilson said, or in any way to denigrate  the tremendous advances to our health, welfare and quality of life that come from aggregating, mining and refining personal data. Those benefits will only increase with the data collected from the growing legion of connected devices on the horizon, like self-driving cars, he said. "But the contract has to be fair and negotiable. You can't just rip people off."

CIO news roundup for week of March 27

While Congress and pundits were debating the merits and meaning of consumer data privacy, here's what was happening elsewhere:

Neuralink aims to create brain-computer interface. Reports emerged Monday that Elon Musk, chief executive at Tesla and SpaceX, has launched a new company called Neuralink. The startup, registered in California as a medical research company, is pursuing "neural lace technology -- implanting tiny brain electrodes that may one day upload and download thoughts," The Wall Street Journal reported. Musk has said in the past that neural lace technology will be necessary for humans to "compete" with advancements in artificial intelligence. He hinted that more Neuralink details would be coming soon, tweeting on Monday:

Neuralink has hired leading academics in the field, persons familiar with the matter told the Journal. There are speculations that the first product that Neuralink will create could be "advanced implants" that treat brain disorders like epilepsy or major depression.

Amazon ready to set foot in the Middle East. On Tuesday, Seattle-based retail giant Amazon announced it is buying Souq -- the Middle East's largest online retailer -- in a deal reportedly valued at $650 million. "Amazon and share the same DNA -- we're both driven by customers, invention, and long-term thinking. ... Together, we'll work hard to provide the best possible service for millions of customers in the Middle East," Russ Grandinetti, senior vice president at Amazon, said in a statement. Amazon will support Souq with Amazon's technology and global resources, Grandinetti added. The deal, expected to close later this year, will help Souq grow its e-commerce business, CEO and co-founder Ronaldo Mouchawar said in the statement.

Smartphone malware infections skyrockets. Smartphones remain the top malware target, accounting for 85% of all mobile device infections in the second half of 2016, according to Nokia's latest Threat Intelligence Report. Smartphone infections increased nearly 400% in 2016, with Android-based devices being the primary target (81%), the report found. The report also emphasized that security of internet-of-things devices has become a major concern and that IoT vulnerabilities are facilitating distributed denial-of-service attacks. "As the number and types of IoT devices continue to proliferate, the risks will only increase," Kevin McNamee, head of the Nokia Threat Intelligence Lab, said in a statement

Assistant editor Mekhala Roy contributed to this week's news roundup.

Next Steps

Check out our previous Searchlight roundups on IBM InterConnect, Intel's investment in autonomous cars and the Gartner Data and Analytics Summit.  

Dig Deeper on Enterprise data privacy management