In a ruling narrowly approved by the California Public Utility Commission, departing Commissioner Mark Ferron left app developers and wireless communications providers a precious gift – no regulation on privacy practices, at least for now.
The commission in January, by a 3-2 vote, ruled it lacked jurisdiction over app providers and only had limited jurisdiction of wireless carriers.
The Consumer Federation of California, The Utility Reform Network, and Privacy Rights Clearinghouse had asked the commission to open a new rulemaking process to review the privacy practices of telecommunications carriers and to develop wireless privacy standards. They raised concerns relating to the collection and use of personal information by telecommunications providers and app companies that operate on wireless platforms.
Commissioners pointed to existing state and federal laws that protect the privacy of consumers’ personal information, including the federal customer proprietary network information (CPNI) privacy protections that cover both wireline and wireless phone providers.
"The petition does not provide clear document of gaps in existing privacy laws and regulations or examples of actual instances of harm from privacy violations by telecommunications corporations" the commission’s decision stated as a rationale for its decision.
Among the laws and policies the commission said protect consumer privacy:
_ The Commission’s Smart Grid proceeding where privacy of consumers’ personal energy user data is being considered in Rulemaking No. 08-12-009.
_ Federal and state laws governing protection and use of CPNI.
_ The California Online Privacy Protection Act that requires providers of mobile and on-line services to develop and make available privacy policies, which detail what information they collect and how it may be used.
_ Federal Trade Commission and the California State Attorney General Office authority under anti-fraud law and policies to investigate breaches of and to enforce compliance with companies’ privacy policies.
Although commissioners acknowledged the rapid changes in communications-related technologies and services could render existing privacy policies inadequate, they decided no action was necessary at this time. However, they said they would track developments and might take action in the future if telecommunications providers (not app providers) release information in violation of existing privacy laws and policies or treat sensitive customer information in a way that violates customers’ privacy and could lead to harm.
Ferron stepped down from the commission because of health reasons, and the ruling was one of the last decisions he authored before his departure. This decision was the right one. Although privacy issues are something we are rightly concerned about after the recent NSA revelations, the request to bring yet another state agency into the privacy fray is unnecessary at this time. It is better to use existing laws and policies to protect consumer privacy, and to ensure it resides with an agency that has jurisdiction over all the players, not just some of the players.
