Last year at this time, I announced that the Federal Communications Commission was creating its first-ever Privacy and Data Protection Task Force. So on the Task Force’s one-year anniversary, it is worthwhile to take a look at its impact. Obviously, I’m biased, but I believe any objective analysis would acknowledge that the volume and variety of the Task Force’s first-year achievements are downright impressive.
For starters, the Task Force has been a driving force behind several big policies adopted by the Commission.
To give one high-profile example, I was recently invited to the White House to tout the FCC’s work to mitigate the privacy risks created by connected cars. The Task Force’s leaders recognized that, in the wrong hands, the built-in connections in the latest cars can be used to do real harm. This January, I wrote to auto manufacturers and wireless carriers to seek their help protecting survivors of domestic violence from the misuse of connected car tools by abusers. This letter has yielded results. In March, GM announced that it will cease sharing private location information with data brokers. Going even further, the Task Force helped craft proposed rules to explore ways we can empower survivors to separate the connections in their cars so they cannot be stalked and harmed by abusers seeking to access sensitive data about where they go and what they do.
The Task Force played a key role in updating the Commission’s data breach notification rules for the first time in 16 years. Adopted in December 2023, the Commission’s new rules will hold phone companies accountable for safeguarding sensitive customer information, while providing consumers new tools to protect themselves in the event that their data is compromised.
In November 2023, the Commission adopted rules to crack down on scammers who take over victims’ mobile phone accounts by covertly swapping SIM cards to a new device or porting phone numbers to a new carrier. The Task Force not only helped to shape these rules, it is taking the lead in closing the loophole that leaves consumers open to this kind of fraud.
The Task Force also helped craft the first-ever voluntary cybersecurity labeling program for connected smart devices. Approved in March 2024, the new “U.S. Cyber Trust Mark” will empower consumers to choose more secure smart products for their homes, while encouraging companies to meet higher cybersecurity standards.
This is not a complete list of the rulemakings the Task Force has aided, but you get the point: the Task Force is not just developing ideas, it’s delivering meaningful policy changes.
Beyond contributing to rulemakings, the Task Force has worked closely with the FCC’s Enforcement Bureau to step up efforts to go after companies that fail to protect the privacy of their customers.
The Task Force is actively aiding multiple ongoing investigations into privacy and data protection practices of various carriers, including investigations into carrier data breaches and breaches at vendors. And it has already helped key investigations get over the finish line.
Just last week, the FCC’s Enforcement Bureau entered into a settlement with Liberty Latin America over its failure to report a data breach in a timely manner. This is a good example of the Commission’s commitment to protecting the integrity of our nation’s communications networks, which transmit the sensitive personal data of U.S. residents.
This April, the Commission fined the nation’s largest wireless carriers $200 million for illegally sharing access to customers’ location information without consent. This action came after news reports revealed that the largest wireless carriers in the country were selling our real-time location information to data aggregators, allowing this highly sensitive data to wind up in the hands of bail-bond companies, bounty hunters, and other shady actors.
In July 2023, the Commission adopted a proposed fine of $20 million against Q Link and Hello Mobile, which are affiliated mobile carriers, for their apparent failure to protect the privacy and security of subscribers’ personal data.
One of the reasons we founded the Task Force was to maximize coordination on privacy issues. This goal applies not only to the Commission’s internal efforts, but also to external stakeholders. The Task Force is leveraging its impact by helping to forge new partnerships with state, federal, and international collaborators.
This February, the FCC and the United Kingdom’s Information Commissioner’s Office Task Force entered into a formal partnership to cooperate on efforts to protect consumers’ privacy and sensitive data. This was the Commission’s first-ever international Memorandum of Understanding (MOU) with another country on privacy and data protection.
At the federal level, the Commission signed an Memorandum of Understanding this April with the Federal Trade Commission to partner on consumer protection issues, including privacy.
At the state level, the FCC entered our first-ever privacy and data protection enforcement partnerships with four State Attorneys General, and we’re in talks with other State AGs to grow that list.
Since the Task Force’s creation, the FCC has more than doubled the number of staff working on privacy and data protection enforcement investigations. In addition, we’ve integrated technologists, software and hardware engineers, and other subject matter experts in our enforcement matters. We are committed to supporting law enforcement by making this increased technical expertise available to all of our partners.
When we created the Privacy and Data Protection Task Force a year ago, I cited three key forces driving this decision. One, we live in an era of always-on connectivity, which can mean a sacrifice of our privacy. Two, the market incentives to monetize our online data is enormous and growing. And, three, the number of third parties participating in our digital age connections has multiplied exponentially. All three trends have shown no signs of letting up, so neither will the Task Force. I am grateful to Task Force Chair Loyaan Egal and his partners across the agency for all they have accomplished in year one. I look forward to working with them and making even more progress to protect consumers in the days ahead.
— Jessica