06/27/2016 - Reply Comments, Response to Initial Regulatory Flexibility Analysis; Protecting the Privacy of Customers of Broadband and Other Telecommunications Services, WC Docket No. 16-106

Printer Friendly Version                               Fact Sheet

 

June 27, 2016

 

VIA ELECTRONIC SUBMISSION

Marlene H. Dortch, Secretary

Federal Communications Commission

445 12th Street SW

Washington, DC 20554

 

Re: Reply Comments, Response to Initial Regulatory Flexibility Analysis; Protecting the Privacy of Customers of Broadband and Other Telecommunications Services, WC Docket No. 16-106.

 

Dear Ms. Dortch:

The U.S. Small Business Administration’s Office of Advocacy (Advocacy) respectfully submits this ex parte letter to the Federal Communications Commission (FCC) regarding the above- referenced proceeding. After conducting outreach with small business stakeholders and reviewing the comments filed with the FCC on their behalf, our office has concerns that the FCC’s proposed rules will be disproportionately and significantly burdensome for small Broadband Internet Access Service (BIAS) providers. Given the impact of the proposed rules on small BIAS providers, Advocacy recommends that the FCC adopt measures to mitigate the disproportionate impact of compliance on small BIAS providers.

The Office of Advocacy

Congress established Advocacy under Pub. L. 94-305 to represent the views of small business before Federal agencies and Congress.  Advocacy is an independent office within the Small Business Administration (SBA), and the views expressed by Advocacy do not necessarily reflect the views of the SBA or the Administration.  Part of our role under the Regulatory Flexibility Act (RFA) is to assist agencies in understanding how regulations may impact small businesses, and to ensure that the voice of small businesses is not lost within the regulatory process.[1]   Congress crafted the RFA to ensure that regulations do not unduly inhibit the ability of small entities to compete, innovate, or to comply with federal laws.[2]  In addition, the RFA’s purpose is to address the adverse effect that “differences in the scale and resources of regulated entities” has had on competition in the marketplace.[3] 

Background

The FCC recently proposed a Notice of Proposed Rulemaking (NPRM) seeking comment on proposed revisions to the FCC’s rules pursuant to Section 222 of the Communications Act, as they relate to privacy for consumers of broadband internet service.  The NPRM specifically sought comment on “several regulations that could affect small providers, including (1) the provision of meaningful notice of privacy policies; (2) customer approval requirements for the use and disclosure of customer proprietary information PI; (3) the use and disclosure of aggregate customer PI; (4) the security of customer proprietary information; (5) data breach notification; (6) other practices implicating privacy; and (7) dispute resolution.”[4]

The FCC published an Initial Regulatory Flexibility Analysis (IRFA) with its NPRM; however, the FCC failed to comply with the RFA’s requirement to quantify or describe the economic impact that its proposed regulations might have on small entities. Small BIAS providers and their representatives have expressed concerns to the FCC and Advocacy regarding the disproportionate impact that the proposed regulations will have on their operations.  They have described heavy compliance burdens and offered a number of suggestions to the FCC that would ease the compliance burden on small BIAS providers, such as: delayed compliance schedules for small entities, small business exemptions from specific provisions, safe harbor provisions, grandfathering of customer consent, and best practices to give small entities more certainty in the compliance process.

Advocacy’s Comments

The FCC’s proposal would have significantly disproportionate economic impacts on small BIAS providers if finalized.  When it finalizes its rules, the FCC must show that it has analyzed the impact of its proposed rules on small BIAS providers, and properly considered regulatory alternatives to minimize that impact.  Additionally, Advocacy recommends that the FCC adopt measures to mitigate the disproportionate impact of its proposal on small entities.

The FCC Must Describe or Quantify the Economic Impact of its Rules on Small Entities

The FCC has not quantified or described the economic impact of its proposed rules on small entities; however, stakeholders have filed comments expressing concerns about the economic impact of the proposal on small BIAS providers.  Section 607 of the RFA requires agencies to develop a quantitative analysis of the effects of a rule and its alternatives using available data.[5] If quantification is not practicable or reliable, agencies may provide general descriptive statements regarding the rule’s effects.[6]  In its RFA analysis, the FCC simply describes compliance requirements and seeks comment on compliance costs, without making any attempt to explain what kinds of costs small BIAS providers might incur in order to comply, and without any discussion of how those costs might be disproportionately burdensome for small entities.[7]

Many commenters have stated that the rule will disproportionately affect small BIAS providers, and have described the massive efforts they will have to undertake to comply with the FCC’s proposals.[8]  Costs described by small BIAS providers include, but are not limited to consulting fees, attorney’s fees, hiring or training in-house privacy personnel, customer notification costs, and opportunity costs.[9]  The FCC has provided no estimate of the paperwork hours required to comply with the regulations. To comply with the RFA, the FCC must acknowledge and discuss the small business impacts described by commenters when it publishes the Final Regulatory Flexibility Analysis (FRFA), as required under Section 604 of the RFA.[10]

The FCC Must Provide a Meaningful Analysis of Burden-Reducing Alternatives

When an agency proposes rules that will have a significant economic impact on a substantial number of small entities, the RFA requires the agency to analyze feasible alternatives that will mitigate the impact of its rules on small entities.  When it publishes its final rules, the FCC’s FRFA should reflect the extent to which the FCC has mitigated the impacts discussed above by adopting additional regulatory flexibilities for small BIAS providers. 

Section 604 of the RFA requires that the FCC provide an analysis of significant alternatives to the proposed rule.[11]  This analysis should include “a description of the steps the FCC has taken to minimize impacts to small entities, including a statement of the factual, policy, and legal reasons for selecting the alternative adopted in the final rule and why each one of the other significant alternatives to the rule considered by the agency which affect the impact on small entities was rejected.”[12] Advocacy urges the FCC to include a discussion of all alternatives raised by small business representatives in the record, and explain its reasoning for adopting or declining to adopt each alternative.

Advocacy Recommends that the FCC Adopt Measures to Mitigate Small Business Costs

The record in this proceeding would support any effort by the FCC to mitigate the disproportionate compliance burden its proposal would have on small BIAS providers. Because of resource constraints, complying with the proposed rules will be significantly more difficult for small BIAS providers. Commenters have given the FCC several suggestions that would reduce compliance burdens for small BIAS providers, while still ensuring the FCC meets its consumer privacy goals. Specifically, Advocacy strongly supports suggestions that the FCC adopt delayed compliance schedules for small BIAS providers.[13]  Giving small providers more time to comply with the FCC’s rules will allow them to spread costs and manage their limited resources in a way that will minimize harm to their ability to serve customers.  Advocacy also supports exemptions for small BIAS providers wherever practicable.[14]

Conclusion

The Office of Advocacy appreciates this opportunity to forward the concerns of small businesses and advocate for regulatory flexibility on their behalf.  The FCC must analyze the impact of its proposed regulations on small entities, as well as alternatives that would mitigate those impacts.  Given the significant and disproportionate impact that the FCC’s proposals would have on small BIAS providers, Advocacy encourages the FCC to adopt burden-reducing alternatives for small BIAS providers when it issues final regulations.  Please do not hesitate to contact me or Assistant Chief Counsel Jamie Saloom at 202/205-6890 should you require further information.

 

 

                                                                                                Sincerely,

 

                                                                                                /s/

                                                                                                Darryl L. DePriest

                                                                                                Chief Counsel for Advocacy

 

                                                                                                /s/

                                                                                                Jamie Belcore Saloom

                                                                                                Assistant Chief Counsel

cc: Hon. Howard Shelanski

      Office of Information and Regulatory Affairs

 

[1]   Pub. No. 96-354, 94 Stat. 1164 (1980).

[2]   Pub. L. 96-354, Findings and Purposes, Sec. 2 (a)(4)-(5), 126 Cong. Rec. S299 (1980).

[3]     Pub. L 96-354, Findings and Purposes, Sec. 4, 126 Cong. Rec. S299 (1980).

[4]     Protecting the Privacy of Customers of Broadband and Other Telecommunications Services, WC Docket No. 16-106, Notice of Proposed Rulemaking (Rel. Apr. 1, 2016) [Hereinafter NPRM], at 128.

[5]     5 U.S.C. § 607

[6]     Id.

[7]    Protecting the Privacy of Customers of Broadband and Other Telecommunications Services, WC Docket No. 16-106, Notice of Proposed Rulemaking (Rel. Apr. 1, 2016) [Hereinafter NPRM], at 128-30.

[8]    See e.g. Comments of the Wireless Internet Service Providers Association (WISPA Comments), WC Docket No. 16-106 (filed May 27, 2016) at 26; Comments of the American Cable Association (ACA Comments), WC Docket No. 106 (filed May 27, 2016) at 24; Comments of the Rural Wireless Association (RWA Comments), WC Docket No. 16-106 (filed May 27, 2016) at 6; Comments of WTA-Advocates for Rural Broadband (WTA Comments), WC Docket 16-106 (filed May 27, 2016) at 19.

[9]     Id.

[10]    5 U.S.C. § 604

[11]     Id.

[12]     Id.

[13]    See e.g. WISPA Comments, supra note 8 at 27 (suggesting that, at a minimum, small providers be given up to two years after the effective date of any rules to meet requirements, to enable them to “assess their obligations, budget for lawyers, consultants, train personnel, and establish internal systems to ensure compliance); RWA Comments, supra note 8 at 7 (expressing strong support for a two year compliance extension for small providers, noting that the “Commission has historically given small carriers more time to comply with its rules”).

[14]    See e.g. ACA Comments, supra note 8 at iv (recommending that the FCC “[e]xempt small providers from the specific “minimum” data security requirements that it sets forth in proposed Section 64.7005(a) and add “the size of the BIAS provider” to the factors that the Commission must consider when assessing the reasonableness of a BIAS provider’s security program; [e]xempt small providers from the more onerous elements of its customer approval framework by grandfathering existing customer consents and exempting small providers from the requirement to obtain additional approval where they do not share sensitive personal information with third parties for marketing purposes; [e]xempt small providers from several elements of the Commission’s proposed data breach notification rule (as applied to both voice services and BIAS) by exempting small providers from the specific notification deadlines in favor of an “as soon as reasonably practicable” standard; and exempt small providers from any customer dashboard requirements that it adopts pursuant to its notice and choice regulations”).