The Federal Communications Commission (“FCC”) asserted broad regulatory authority over the Internet and broadband Internet service providers when it reclassified Internet access service as a “common carrier” service under Title II of the Communications Act of 1934 in its 2015 Net Neutrality Order (discussed in detail here).  One of the many important questions left unanswered by the FCC’s reclassification decision was whether and to what extent the Federal Trade Commission (“FTC”) retained authority under Section 5 of the FTC Act to prohibit deceptive or unfair acts and practices by Internet service providers, in light of Section 5’s exemption of “common carriers” subject to the Communications Act.
Continue Reading Ninth Circuit Removes FTC From The Beat: Agency Lacks Authority To Police Common Carriers Engaged In Non-Common Carrier Activities

The FCC recently slid up its chair to the fiscal feast that is cyber security and data breach regulation and took a hefty piece of the pie.  In late October the FCC announced that it charged a record $10 million fine against two telecommunication companies after the telecoms reportedly posted the private information of nearly 300,000 people in a manner making the people eligible for identity theft. Taking a cue from the Federal Trade Commission (“FTC”), the FCC action was not based on any new set of concrete regulations or laws established to give organizations a minimum bar for data protection, but rather on existing FCC powers established under the Communications Act of 1934. The action serves as good warning not only to communications providers that the FCC will be examining data breaches and, more expressly, data storage issues, but also that in the absence of clear cybersecurity regulations, federal agencies will take an expansive view of their existing authority to address cybersecurity-related incidents involving companies subject to their jurisdiction.
Continue Reading The FCC Takes a Seat at the Cyber-Regulation Table