MEF CEO Dario Betti discusses the news that the Federal Communications Commission and California Privacy Protection Agency have signed a Memorandum of Understanding to enhance consumer privacy and data security by aligning their efforts.
The Federal Communications Commission (FCC) and the California Privacy Protection Agency (CPPA) have announced a Memorandum of Understanding (MOU) to enhance consumer privacy and data safeguards. The agreement was announced on October 29, 2024 and described as a way to improve consumer privacy and data security for USA citizens by aligning the efforts of both agencies. This partnership reflects a growing trend of government collaboration to address privacy concerns in an increasingly data-driven world.
Benefits of the FCC-CPPA Partnership
The partnership between the FCC and the CPPA is significant for several reasons:
- Sharing of expertise and resources: The MOU facilitates the exchange of knowledge and resources between the federal and Californian agency, enabling them to learn from each other’s experiences and best practices.
- Coordinated investigations: The agencies will work together to conduct investigations into potential privacy violations, improving efficiency and effectiveness.
- Enhanced enforcement: The collaboration empowers both agencies to take stronger enforcement actions against entities that violate consumer privacy.
- Increased consumer protection: The partnership ultimately aims to provide better protection for consumers’ privacy and data security.
Examples of FCC’s Actions on Privacy and Data Protection
The FCC has been active in addressing privacy and data protection issues. It has taken several actions to protect consumer privacy, including:
- Fining major wireless carriers for selling user location data without consent. The FCC imposed fines totalling almost $200 million on major wireless carriers for selling user location data to third parties without obtaining user consent.
- Establishing the Privacy and Data Protection Task Force. This task force was launched in June 2023 to address privacy and data protection issues under the FCC’s authority.
- Partnering with the Office of the Privacy Commissioner of Canada. This partnership, established through an MOU in August 2024, aims to ensure that telecommunications carriers adhere to strict privacy and cybersecurity standards.
- Securing consumer privacy upgrades from major wireless carriers. The FCC reached agreements with T-Mobile, AT&T, and TracFone to enhance data protection, cybersecurity, and consumer privacy measures.
The FCC acknowledges that data breaches can exacerbate the risks posed by these scams by providing scammers with personal information that makes it easier to steal cell phone accounts. The Task Force’s work includes coordinating rulemaking, enforcement, and public awareness efforts to combat these and other privacy and data protection threats.”
Specific Types of Privacy and Data Fraud types:
The FCC’s Privacy and Data Protection Task Force aims to address SIM swapping scams and port-out fraud as part of its work on privacy and data protection issues.
SIM swapping scams occur when scammers trick wireless carriers into transferring a victim’s phone number to a SIM card controlled by the scammer. This gives the scammer access to the victim’s calls, texts, and online accounts, potentially leading to identity theft and financial fraud.
Port-out fraud is a similar tactic where scammers transfer a victim’s phone number to a different carrier, again giving them control over the victim’s communications and potentially allowing them to bypass security measures for online accounts.
The FCC acknowledges that data breaches can exacerbate the risks posed by these scams by providing scammers with personal information that makes it easier to steal cell phone accounts. The Task Force’s work includes coordinating rulemaking, enforcement, and public awareness efforts to combat these and other privacy and data protection threats.
The MOU’s Impact on Data Brokers
The MOU is particularly relevant for data brokers, who are facing increased scrutiny under California’s privacy laws. The CPPA has announced its intention to review data brokers’ compliance with the Delete Act, which grants California residents the right to demand the deletion of their personal data from data brokers’ records. With the FCC’s involvement, data brokers can expect even greater oversight and enforcement efforts.
The role of the FCC: communication focus
The Federal Communications Commission is an independent U.S. government agency responsible since 1934 for regulating interstate and international communications via radio, television, wire, satellite, and cable. The FCC’s role is to ensure that communication services are accessible, reliable, and, in some areas, competitively priced. It works to promote technological innovation, manage public airwaves, protect consumers, and uphold laws that prevent interference and promote fair competition. Some of the FCC’s key functions include:
- Allocating spectrum
- Issuing licenses
- Enforcing laws on indecency and consumer protection, especially in communications and advertising.
- Setting standards for telecommunications and internet services to ensure nationwide access.
The FCC’s policies significantly impact the telecom industry, media, internet service providers, and any sectors involving communication technology.
CPPA: a Unique Role in Privacy Protection in the USA
The FCC is potentially familiar to most of MEF’s readers, it is worth to expand on the younger and more specific CPPA. The CPPA was set up in 20200 and it stands out as the only state agency solely dedicated to protecting consumer privacy rights for the state of California. It is seen as the most advanced of the Privacy Framework in the USA.
Unlike state Attorneys General offices, which enforce all state laws, the CPPA focuses exclusively on enforcing the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). This singular focus enables the CPPA to be a leader in privacy regulation in the USA. In addition, the CPPA possesses both rulemaking and enforcement powers, allowing it to take a comprehensive approach to data privacy regulation. The CPPA has the authority to create new regulations in California to ensure compliance with the CCPA/CPRA. For example, the CPPA can establish specific requirements for businesses handling consumer data, going beyond just enforcement.
The CPPA’s sole mission is to protect consumer privacy rights, making it a specialized agency in this domain. Unlike the FCC, which has a broader mandate covering various aspects of communications, the CPPA’s resources and expertise are entirely dedicated to privacy. This singular focus allows the agency to be at the forefront of privacy regulation and enforcement.
Importance of Federal-State Collaboration
The MOU between the FCC and the CPPA exemplifies the importance of collaboration between federal and state agencies in protecting consumer privacy. The FCC already has data privacy partnerships with Attorneys General in several states. These partnerships have shown some encouraging signs in areas like combating robocalls.
The FCC’s partnership with the CPPA, with its unique focus and authority, is expected to significantly enhance consumer privacy protection. This collaboration signals a growing trend of federal and state agencies working together to address the evolving challenges of data privacy in the digital age.
Conclusion
The MOU between the FCC and the CPPA marks a significant step in the ongoing effort to safeguard consumer privacy and data security. This partnership leverages the strengths of both agencies, combining the CPPA’s expertise in California’s privacy laws with the FCC’s broader regulatory authority over communications. By sharing resources, coordinating investigations, and enhancing enforcement, the FCC and the CPPA aim to create a more robust and comprehensive approach to consumer privacy protection. This collaboration serves as a model for future partnerships between federal and state agencies seeking to address the complex challenges of data privacy in an increasingly interconnected world.