Ted Cruz wants to stop the FCC from updating databreach notification rules Ars Technica

pFront page layoutppSite themepp
Jon Brodkin
Dec 12 2023 927 pm UTC
ppSen Ted Cruz RTexas and other Republican senators are fighting a Federal Communications Commission plan to impose new databreach notification requirements on telecom providers In a letter sent to FCC Chairwoman Jessica Rosenworcel today the senators claim the pending FCC action would violate a congressional orderppThe letter was sent by Cruz Sen Minority Leader Mitch McConnell RKy Sen John Thune RSD and Sen Marsha Blackburn RTenn They say the proposed databreach notification rules are preempted by an action Congress took in 2017 to kill an assortment of privacy and security rules issued by the FCCppThe Congressional Review Act CRA was used in 2017 by Congress and thenPresident Donald Trump to throw out rules that would have required home Internet and mobile broadband providers to get consumers optin consent before using sharing or selling Web browsing history app usage history and other private informationppThe invalidated FCC rules also included databreach notification requirements that are similar to those the current FCC now plans to impose The FCC already enforces databreach notification requirements but the pending proposal would expand the scope of those rulesppRosenworcels databreach proposal is scheduled for a vote at tomorrows commission meeting and it may ultimately be up to the courts to decide whether it violates the 2017 congressional resolution The Republican senators urged the FCC to rescind the draft plan and remove it from the meeting agendappCruz also protested a recent FCC vote to enforce rules that prohibit discrimination in access to broadband services calling it governmentmandated affirmative action and racebased pricingppWhen an agencyissued rule is nullified by a Congressional Review Act resolution that rule may not be reissued in substantially the same form without authorization from Congress The key legal question seems to be whether the FCC can reimplement one portion of the nullified rules as long as it doesnt bring back the entire privacy orderppCruz and fellow Republicans say that Rosenworcels plan would resurrect a portion of the 2016 Broadband Privacy Order pertaining to data securityppThis is clearly unlawful the FCCs proposed rules in the Report and Order are clearly substantially similar to the nullified 2016 rules they wrote Specifically the requirements in the Report and Order governing notification to the FCC law enforcement and consumers as well as the recordkeeping requirements with respect to breaches and notifications are substantially similar to the notification and recordkeeping requirements disapproved by CongressppThe FCC proposal anticipates this argument but says the agency believes it can reimplement part of the Obamaera privacy orderppWe conclude that it would be erroneous to construe the resolution of disapproval as applying to anything other than all of the rule revisions as a whole adopted as part of the 2016 Privacy Order That resolution had the effect of nullifying each and every provision of the 2016 Privacy Ordereach part being under the APA Administrative Procedure Act a rulebut not the rule specified in the resolution of disapproval By its terms the CRA does not prohibit the adoption of a rule that is merely substantially similar to a limited portion of the disapproved rule or one that is the same as individual pieces of the disapproved ruleppThus according to the FCC proposal the resolution does not prohibit the Commission from revising its breach notification rules in ways that are similar to or even the same as some of the revisions that were adopted in the 2016 Privacy Order unless the revisions adopted are the same in substance as the 2016 Privacy Order as a wholeppJoin the Ars Orbital Transmission mailing list to get weekly updates delivered to your inbox Sign me up pp
CNMN Collection
WIRED Media Group
2023 Condé Nast All rights reserved Use of andor registration on any portion of this site constitutes acceptance of our User Agreement updated 1120 and Privacy Policy and Cookie Statement updated 1120 and Ars Technica Addendum effective 8212018 Ars may earn compensation on sales from links on this site Read our affiliate link policy
Your California Privacy Rights Do Not Sell My Personal Information
The material on this site may not be reproduced distributed transmitted cached or otherwise used except with the prior written permission of Condé Nast
Ad Choices
p