February 11, 2016

The Honorable Tom Wheeler
Chairman
Federal Communications Commission
445 12th St. SW
Washington, D.C. 20554
Dear Chairman Wheeler,
As associations representing a large cross-section of the technology companies that make up
today’s vibrant Internet economy, our collective members are committed to providing consumers
with innovative products and services and are equally committed to earning consumer trust and
respecting privacy. If the courts determine that the FCC has authority to regulate broadband
privacy, we encourage you to develop a framework that offers consumers robust privacy
protection, while at the same time allowing broadband providers to continue to innovate and
compete. We recommend that any FCC framework be consistent with the successful FTC
approach, which is grounded on prohibiting unfairness and deception. The FTC’s time-tested
framework has accomplished two important goals—it provides consumers with meaningful
privacy protection and helps to enable a dynamic marketplace that supports the emergence of
innovative new business models. By developing a consistent framework, the FCC will further
these important goals.
Our member companies recognize that ensuring robust privacy protection is important and have
devoted substantial capital, resources and personnel to develop, maintain, and enhance
meaningful data privacy and security programs. Indeed, our companies have strong incentives to
earn and maintain their customers’ loyalty by protecting their data. In the rapidly evolving
online marketplace, our companies want to ensure that they can continue to provide such
protections while meeting consumers’ expectation of continued access to new innovations that
enhance their experience.
All companies in the Internet ecosystem, including Internet service providers, have long operated
under the FTC regulatory regime for protecting consumer privacy. The aim of this well-tested
approach is to combine strong protections for consumers with flexibility that allows for rapid
innovation. Under the FTC regime, all companies in the Internet ecosystem must ensure that

 their privacy and data security practices are neither deceptive nor unfair. As a result, consumers
are protected and all companies that collect consumer data should be able to innovate and adapt
to the inevitable changes in technology and the market for online services.
We understand the FCC is considering initiating a proceeding to consider how Section 222 of the
Communications Act, which governs Customer Proprietary Network Information (“CPNI”),
should apply to broadband Internet access service. The applicability of Section 222 in this
context is currently subject to judicial review. If the Commission nonetheless moves forward in
this space, consumers would be best served by an approach to privacy and data security for CPNI
that is harmonized with the FTC’s established privacy protection framework based on
enforcement against unfair and deceptive acts or practices.
You have recognized that the FTC has a longstanding, thoughtful, and rational approach to
privacy, and you have committed to working closely with the FTC and to developing a consistent
privacy framework for Internet service providers. Ensuring consistency with this effective
consumer protection approach would be in accordance with statements supporting the FTC’s
privacy regime and endorsing the benefits of a consistent privacy framework for the Internet in
the 2010 National Broadband Plan, the FTC’s and White House’s 2012 Privacy Reports, and the
White House’s 2015 Consumer Privacy Bill of Rights.
We believe it is important to maintain a consistent privacy framework for the Internet. Such an
approach will protect consumers and avoid entity-based regulation that would create consumer
confusion and stifle innovation. Consumers expect their data will be subject to consistent privacy
standards based upon the sensitivity of the information and how it is used regardless of which
entity in the Internet ecosystem uses that data. To achieve parity across the Internet ecosystem,
any FCC framework for Internet service providers should be reflective of the deception and
unfairness standard, consistent with the existing protections consumers receive when they engage
with other companies in the Internet ecosystem.
A consistent privacy framework for the Internet also will continue to provide Internet service
providers with the flexibility to update their practices in ways that meet the evolving privacy and
data security needs of their customers and ensure they can provide their customers new products
and customized services. Such a framework would identify privacy or security goals, and afford
providers, including smaller providers with limited resources, flexibility in achieving those goals.
Rules dictating specific methods quickly become out of date and out of step with constantly
changing technology, and will only hamper innovation and harm consumers.
In short, if you seek to initiate a proceeding under Section 222, we respectfully urge you to
ensure that the FCC acts in a manner consistent with the strong current national privacy
framework applied by the FTC to other companies in the Internet ecosystem. This flexible
approach would meet consumers’ privacy needs while allowing them to take advantage of
innovative products and services, and would avoid inconsistent oversight. We look forward to
continuing a conversation with the FCC about the best way to provide privacy and innovation
benefits to consumers.

 Matthew M. Polka
President & CEO
American Cable Association

Steven K. Berry
President & CEO
Competitive Carriers Association

Gary Shapiro
President & CEO
Consumer Technology Association

Meredith Attwell Baker
President & CEO
CTIA

Jim Halpert
President & CEO
Internet Commerce Coalition

Michael Powell
President & CEO
National Cable & Telecommunications Association

Walter B. McCormick, Jr.
President & CEO
U.S. Telecom Association

cc: The Honorable Mignon Clyburn
The Honorable Jessica Rosenworcel
The Honorable Ajit Pai
The Honorable Michael O’Rielly