The FCC strengthens its approach to data privacy and security

The Federal Communications Commission has established a task force to deal with privacy and data protection, noting what it calls the era of always-on connectiv...

The Federal Communications Commission has established a task force to deal with privacy and data protection, noting what it calls the era of always-on connectivity. For the details, Federal Drive with Tom Temin spoke with Loyaan Egal, the Chief of the FCC’s enforcement bureau.

Interview Transcript: 

Tom Temin Let’s begin with what this task force is actually going to do. And then I want to ask whose data that we’re talking about. But tell us about the task force. Who’s on it? Where do they come from and what are you going to do?

Loyaan Egal Yeah. So as FCC Chairwoman Jessica Rosenworcel announced in June, the task force, the Privacy and Data Protection Task Force, is a whole of FCC effort, an entire agency effort led by the Enforcement Bureau, which which I oversee. But it includes all of the various bureaus and offices that we have in the commission. And to run through some of those, those include the Public Safety and Homeland Security Bureau, the Wireline Competition Bureau, the Consumer Governmental Affairs Bureau, the Space Bureau, Media Bureau. And then we have other offices, such as the Office of the General Counsel, the Office of International Affairs, the Office of Engineering and Technology, and the Office of Economics and Analytics. So all of those different bureaus and offices come together to make up this task force.

Tom Temin And with respect to data privacy, I presume you mean consumers data that are using services where there is data collected when someone’s listening to a broadcast. There’s no data involved because you’re radio is picking out of something on the antenna. But cable and all of these streaming services, you’ve got kind of a chain of carriers and wireline providers and content providers, and they all have data on consumers. Is that context we’re talking about?

Loyaan Egal Yeah. So I think the one that probably resonates with most people are cellular phones. Your mobile phone, which I think Pew Research Center put a stat out that said about 97% of Americans now have cellular phones with about 85% of those involving smartphones. So when you just think about the amount of information that you carry in your pocket with regards to when you access your email accounts, your bank accounts, social media, when you talk on the phone, that’s just a voluminous amount of data that’s being collected on that platform. But as you also mentioned, there’s data that’s collected in services provided for satellite services as well as cable services. And the FCC regulates all of that.

Tom Temin And with respect to getting back to that cell phone data, there are a lot of offers of cell and data services. But is it fair to say fundamentally there are only three or four basic carriers that actually operate the radio services that carry the service. And there are resellers that then sublet from Verizon or AT&T. And so the supply chain gets a little bit complicated in that manner.

Loyaan Egal Yeah. So so not to get too technical, but to your point, there are a handful or even maybe a little less than a handful of major carriers that are what do you call facilities based providers, right? That the carriers that own the networks and the hardware that all of our communications travel through. And on top of those networks, you have other companies that use those networks in business relationships with with the major carriers to provide your cellular service. So you may be subscribed to a specific cell phone provider, but that cell phone provider may be using another cell phone companies network.

Tom Temin Right. So you’ve really got two companies then to deal with in terms of data and privacy.

Loyaan Egal As a consumer, your relationship is with the company that you signed on with. But to your point, the data that’s traversing those networks is is going beyond just the company that you’re subscribed to.

Tom Temin And so is the FCC with all of the supply chain. And again, people that provide content, they know what you’re watching and all this kind of thing, concerned with how those companies protect that data from breaches or how they use it for ways that maybe they shouldn’t the Facebook type of model where it turns out they were using data for reasons they shouldn’t have, so far as we can tell, or both?

Loyaan Egal Yeah. So we’re looking at it holistically. We’re looking at privacy. So what are the companies that are regulated by the FCC doing with the information that they have as a as a result of the business relationship they have with you, the consumer? And back in 2020, the FCC brought forth enforcement actions against the major, then four carriers, Verizon, AT&T, T-Mobile and then Sprint before that T-Mobile Sprint merger about how those companies were using location data. Right. The information that shows where your phone is when you’re using it, things of that nature. So so that went to the privacy aspect of things. And that’s an example of where we look at with regards to privacy, with regards to data protection. Look at how do those companies that are regulated by the FCC protect that sensitive information. And then the third prong of it is cybersecurity, right? We look at the networks that that sensitive information is housed on to see how are they protecting the networks that protect that that have that has the sensitive data. So those are three separate disciplines that many times have significant.

Tom Temin We’re speaking with Loyaan Egal. He is chief of the Enforcement Bureau at the Federal Communications Commission. And the fact of this task force then presupposes there are statutes and regulations that apply to these supply chain participants in communications that you want to step up enforcement of, or you get the sense that somehow it needs to be heated up a little bit under them to make sure that everyone does what they’re supposed to.

Loyaan Egal Before I came into my position as the chief of the Enforcement Bureau, I’d spent the last four years before that working in the national security space at the Department of Justice, in the interagency group known as Team Telecom. And in there we were looking at potential risk brought on by foreign investment for participation in the U.S. telecommunications sector. A lot of that those same concerns come to this space. Right. Even even we look at companies that might not have a significant foreign investment aspect to them. They still have global supply chains. In other words, they may use third party vendors to provide services to you, the consumer. And in many, many instances, those are services that people want and like. But what we look at is how are those companies that that you’ve trusted with your information, with your sensitive data? How are they then making sure down the supply chain that the other companies are protecting that information? And so the task force is looking at that from a rulemaking perspective. Are there things that the commission can do? Because the FCC, in addition to having enforcement authorities, is a rulemaking agency, We’re looking at public awareness, reaching out to people to let them know that these are areas that we’re focused on. And then we’re also looking at it from an enforcement standpoint. How can we enforce the rules in the statutes? For instance, there’s what’s known as the CPNI statute, that’s the customer proprietary network information, and that is the information that telephone carriers collect about your account. Right. That what type of account do you have, how many lines where you’re located, that information. There are specific statutes and regulations that that address that. So we’re looking at it.

Tom Temin It sounds like there could be some fresh rulemaking at the end of the task force, or is there an end point to the task force?

Loyaan Egal I feel like this is a what you would call recession proof industry. Unfortunately just there’s the old adage from a from a famous bank robber named Willie Sutton back in the 1930s, who was reportedly asked why did he rob banks? And he said, because that’s where the money is. Fast forward 90 years later why are telecommunications and communications services companies high value targets? Because that’s where the data it. And so I think we’re going to continue to to to be working towards addressing that from a regulatory standpoint and an enforcement step.

Tom Temin And is this entirely an FCC affair or do you have other federal state agencies you might be working with that have impinging on this whole topic?

Loyaan Egal Yeah, we’re working we’re using the model that we use for the work that we’ve done on robocalls and robo text, where we entered into a number of memorandums of understanding with state attorney generals across the United States. And we’re going to use that same model for the Privacy and Data Protection Task Force. We’re going to work with partners at the state attorneys general offices throughout the country to bring forth a state federal approach. We’re also working with international partners, other regulators overseas who regulate these industries to understand what they’re seeing and best practices. So, again, federal, state, local, international, we’re hoping to work across the board.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories

    FILE - In this Sept. 16, 2017, file photo, a person uses a smart phone in Chicago. Most Americans across party lines have serious concerns about cyber attacks on U.S. computer systems and view China and Russia as major threats. That's according to a new poll by The Pearson Institute and the Associated Press-NORC Center for Public Affairs Research (AP Photo, File)

    The FCC strengthens its approach to data privacy and security

    Read more

    The time is now: Six considerations for the looming federal data privacy requirements

    Read more