NTIA Gets an Earful on International Digital Policy, including Privacy and Security
On June 4, 2018, that National Telecommunications and Information Administration (NTIA), a key policy arm within the Department of Commerce, sought input on an array of issues affecting the Internet and Internet-enabled economy. It asked a series of questions about international Internet policy priorities for 2018 to help the agency and Administration identify priorities. Comments were due July 17, and NTIA received a lot of feedback—89 comments have been posted by NTIA. This is not surprising given the number of high profile international issues percolating globally. Wiley Rein is active in this and many other NTIA efforts on the digital economy on behalf of major multinationals and coalitions. These efforts are vital to shaping federal policy positions.
A major theme involved increased balkanization of the Internet and the commerce that it supports.
Microsoft noted that “[d]ifferences between countries, coalitions of countries, and regions as to visions of the internet and the digital transformation are leading to internet fragmentation.” This observation was made repeatedly by associations and companies urging NTIA to engage overseas to defend Internet openness and freedom. As TechFreedom, represented by Wiley Rein, wrote:
NTIA need not look far to identify impending threats to digital citizens and to the Open Internet—which include threats to innovation, global commerce, and free expression—from burgeoning regulation of the digital economy. Privacy and security regulations are proliferating in Europe, South America, and Asia. Gathering threats include forced data localization, certification regimes that can act as barriers to entry, prescriptive security rules, and heavy-handed regulation of international data flows and uses, such as the [European Union’s General Data Protection Regulation].
Many comments addressed promoting innovation, but offered different means.
The Computer & Communications Industry Association (CCIA) urged NTIA to foster international coordination in digital privacy and security issues and to promote an international regulatory environment that encourages innovation in emerging technologies, including artificial intelligence. Others took a different approach, urging additional regulation and standards to foster device security in the Internet of Things. Consumers Union urged NTIA to support “algorithmic accountability” and otherwise scrutinize AI and emerging technology.
In the main, however, commenters lauded transparent, collaborative policymaking efforts, such as on cybersecurity policy issues, and encouraged NTIA “to continue to partner and coordinate with industry stakeholders as it pursues security priorities identified through this process.”
The GDPR, which took effect May 25, was the subject of numerous comments, often critical.
The United States is grappling with international efforts on privacy and security.
Several commenters expressed concern about the GDPR and its effects. TechFreedom criticized many aspects of the GDPR and urged NTIA to hew to familiar U.S. economic and regulatory philosophy in pushing back on some of its excesses. They wrote that “[t]he most pressing example of an overly burdensome regulation that threatens the free flow of information is the [GDPR].” Among the flaws:
-
It creates legal uncertainty, which in turn “serves to discourage de-identification of data” and other reasonable steps;
-
It “acts as a hidden trade barrier that disrupts consumer access to and use of U.S. businesses.”
-
It imposes compliance burdens on “small firms (including non-profit organizations) with no physical presence in Europe and minimal European customers bases”
-
It “assumes massive harm from privacy violations (which may turn on entirely theoretical harms) and makes the illogical and unsubstantiated leap that harm to consumers will scale in relation to a firm’s revenues.”
-
It undermines the “free-content model” that led to enormous growth of internet use and deployment, and “drives innovative new services, helps to improve existing services, and allows for the personalization and relevant content that modern digital citizens have come to demand and expect.”
Other commenters wrote that “[o]verly broad extraterritorial application of data restrictions ... risk hampering innovation and growth for both domestic industry and companies with global operations. Sweeping application of such laws may create a reciprocity effect which may impede the ability of domestic companies to operate internationally, as well as restrict the level of business which could get sent to local companies for data processing or analysis.”
Intellectual property and free speech online also came up.
The Motion Picture Association of America (MPAA) urged NTIA to protect intellectual property, arguing that “decentralized, borderless, and often anonymous nature of internet communications has subjected high-value, high-quality creative content to theft and widespread, unauthorized dissemination on a scale never before experienced.”
Several expressed concerns about the continued vitality of shared resources, like the WHOIS database, access to which is threatened by interpretations of the GDPR. Microsoft made this point, as did others. According to the MPAA, recent application of the GDPR “frustrates even preliminary examinations into illicit online activity, such as identity theft, cyber-attacks, theft of intellectual property, fraud, unlawful sale of drugs, human trafficking, and other criminal behavior, as a number of U.S. and international law enforcement, private, and public sector organizations have observed.”
Some Commenters Want to Reopen Past Domestic Disputes over “Net Neutrality.”
Consumers Union came in strong, arguing that with the FCC’s action on the Open Internet Rules, internet service providers “now have the ability to block apps and content or throttle a user’s broadband internet service. And they can discriminate between different forms and sources of data flowing through their networks.”
Next Steps
NTIA will digest all the comments and meet with stakeholders to develop policies. Its work here may be complemented and informed by efforts it is soon launching on federal privacy policy, in which it will seek input from stakeholders about the U.S. approach to privacy and key principles for policymakers. If the comments filed here are a harbinger of things to come, NTIA will have plenty of issues to consider.
Now is the time to educate the government about the practical and legal issues facing the private sector in the modern Internet-connected economy.