Consumer Privacy Dimensions of the FCC’s Cable Box Proposal

By: Dan Davidson

The Federal Communications Commission (FCC) recently proposed increasing competition in the market for cable boxes, devices that are necessary to view cable television programming, but cost on average $20 per month to rent.[1]  Consumers presently have little choice but to rent a cable box from their cable provider; the FCC hopes enabling other companies to enter the market will drive down the price.[2]  While the FCC’s proposal reads like an antitrust measure, a number of privacy issues lurk beneath the surface.

To understand why opening up the cable box market implicates privacy, it is important to recognize that cable boxes can provide a wealth of information about their users.  Cable companies generate revenue in part through marketing deals rooted in their ability to control the interface—i.e., the cable box—a consumer uses to access content.[3] It is not surprising, then, that companies like Apple and Google are expected to take advantage of the FCC’s proposal, if it takes effect. These companies, if they entered the cable box market, “would gain an unprecedented, Netflix-like visibility into customers’ viewing habits that they could then attempt to use for advertising purposes.”[4] Put simply, cable boxes represent another means by which to collect valuable consumer data.

It is easy to imagine how a cable box made by Apple or Google would be a product consumers were eager to purchase.  Imagine a single box next to your monitor that integrated live cable television, DVR capability, Netflix, and movie rentals from iTunes, and all at a lower price than you currently pay for your cable box.[5] Arguably, consumers will make a rational decision whether to stick with their cable company’s cable box, or furnish the Apples of the world with information about their cable watching habits, in exchange for a lower-cost, better-functioning cable box.

Such a hypothetical scenario exposes, however, consumers’ lack of any real ability to make such rational choices regarding their data. Indeed, the notion of handing over information about cable-watching habits to a company like Google handily illustrates Katherine Strandburg’s argument that the whole notion of “paying” for services with data is a myth. The disutility for consumers in handing over this information is all but impossible to estimate ahead of time—consumers could not possibly predict how Google will make use of their cable-watching habits, and therefore are in no position to accurately judge the potential harms that might arise from, for example, aggregating this data with other data points Google already possesses.[6]

The FCC’s proposal will “contain a set of privacy provisions aimed at making sure new cable-box manufacturers don’t abuse the data they collect on viewer behaviors.”[7]  But those provisions should not allay privacy advocates’ concerns about companies whose business models are driven by behavioral data getting into the cable box market.

The privacy provisions would essentially bind new entrants into the cable box market to the current laws and regulations governing how cable companies use consumer data they collect via cable boxes.[8]  These rules are deeply rooted in the notion of consent—as a very general matter, cable companies are prohibited from collecting “personally identifiable information” or sharing that data with third parties without first obtaining consent from consumers, except when sharing is necessary for providing cable service.[9]

But a paradigm relying on consumer consent is hardly a strong defense against privacy violations. Scholars have noted “the lack of either informed or voluntary consumer consent to the privacy practices of websites,” so it is not clear that a consent-based privacy protection regime does much work for consumers.[10]

Opening up the cable box market will create opportunities for new players to access cable-watching consumer data. Those new players may aggregate or analyze that data in new and unanticipated ways. The FCC’s proposal thus creates the potential for a convergence of factors that would adversely affect consumer privacy. In light of these concerns, consumer advocates should question whether simply retaining the current consent-based privacy regime around cable boxes would sufficiently protect consumers’ privacy interests.

[1] Brian Fung, This new government proposal aims to cut your cable costs, Washington Post (Jan. 27, 2016), https://www.washingtonpost.com/news/the-switch/wp/2016/01/27/how-a-new-government-proposal-aims-to-cut-your-cable-costs/.

[2] Id.

[3] Nilay Patel, Inside the FCC’s audacious plan to blow up the cable box, The Verge (Jan. 28, 2016), http://www.theverge.com/2016/1/28/10858658/fcc-unlock-the-box-open-cable-plan.

[4] Brian Fung, Third-party cable boxes won’t be allowed to spy on you (too much), regulators vow, Washington Post (Feb. 10, 2016), https://www.washingtonpost.com/news/the-switch/wp/2016/02/10/third-party-cable-boxes-wont-be-allowed-to-spy-on-you-too-much-regulators-vow/.

[5] Patel, supra note 3.

[6] Cf. Katherine J. Strandburg, Free Fall: The Online Market’s Consumer Preference Disconnect, 2013 U. Chi. Legal F. 95, 132 (2013).

[7] Fung, supra note 4.

[8] Id.

[9] Id.

[10] Ira S. Rubinstein, Privacy and Regulatory Innovation: Moving Beyond Voluntary Codes, 6 I/S: J.L. & Pol’y Info. Soc’y 356, 363 (2011); see also, Strandburg, supra note 6, at 151 (discussing the lack of meaningful consent in the consumer data context).