Issue 3

Article

 

Deja vu All Over Again: Questions and a Few Suggestions on How the FCC Can Lawfully Regulate Internet Access
By Rob Frieden

Professor Frieden assesses the current state of the FCC’s Open Internet Order of 2015, which converted consumer broadband Internet access into a Title II service, as well as the potential outcomes of ongoing challenges to the lawfulness of its provisions. This article analyzes the likelihood that the FCC will succeed using their current theories of regulatory authority, and offers alternative prospects for lawful regulation of Internet access in the event that the Order is reversed or otherwise negatively affected by a judicial decision.

Communications Law: Annual Review
By the Judicial Practice Committee of the Federal Communications Bar Association

Data Privacy in Our Federalist System: Toward an Evaluative Framework for State Privacy Laws
By Tony Glosson

States are enacting data privacy regulations at an ever-increasing pace. California led the way in 2013, enacting several new onerous data privacy laws that drew the ire of the technology sector.

This note addresses the Dormant Commerce Clause implications of statutes like California’s new Do Not Track and Online Eraser laws. It overviews the Supreme Court’s Dormant commerce clause jurisprudence, including the two primary substantive doctrines constituting the cannon of Dormant Commerce Clause jurisprudence: extraterritoriality and Pike balancing.

Drawing on the above doctrines, along with the parallels between state data privacy laws and earlier statutes invalidated under the Dormant Commerce Clause, this note concludes that many state data privacy laws are unconstitutional regulations of interstate commerce because they impose burdens exceeding the putative benefits of their in-state effects.

Cross-Border Commerce without Constraint: Shifting from Territorial-Based Regulation to an Industry-Based Code of Conduct for the Online Payment Processing Industry
By Anna Myers

Data breaches are increasingly frequent and the data security standards promulgated to prevent those breaches are ineffective because they are based on a territorial regulation model. The regulations control based on where the data is located ignoring the modern reality of online global economies and commerce.

Online payment processors are particularly targeted in cyber-attacks because they collect personally identifiable information and sensitive financial information to facilitate online transactions. The regulation needs to shift from a territorial based model to an industry-based model that accounts for individual businesses’ needs and is purposed for the information those businesses collect and maintain.

This objective is best achieved through a self-regulated industry code of conduct. The code of conduct should be based in sound principles adapted to the specific industry, should be flexible to adapt to emerging technologies and varying business practices, and should be enforceable through a comprehensive enforcement program.