A Sanctuary City for Data Privacy?


The New York City government is looking into ways to enforce stricter data privacy laws in the mold of the recently-scrapped FCC rules governing how internet service providers collect, store, and sell user information. The move sets New York City up to become a sanctuary for citizens looking for a little more privacy online. To start, the city has announced a new privacy policy for the free, public wi-fi kiosks that dot the city, one that clearly states that browsing history will not be stored or sold.

In a Technology Committee hearing on data privacy this Monday afternoon, Council Member James Vacca and other city officials positioned themselves and their work in opposition to the federal government with regard to consumer privacy online. In his opening statement, Vacca described both internet access and privacy as fundamental human rights.

“Lately, digital privacy rights—and countless other rights—have been under attack by the federal government,” Vacca said. “Our City has the opportunity to stand as an example for other cities around the country that are looking to adopt the latest technology, while maintaining residents’ privacy.”

Vacca’s comments were echoed by representatives of the de Blasio administration.

“Before concluding, I’d once again like to reinforce that we share the Council’s concerns about recent actions on the federal level,” said Anne Roest, New York City’s Chief Information Officer and Commissioner of the Department of Information Technology and Telecommunications (DoITT), at the end of her prepared remarks. “As you know, Congress recently passed, and the President signed, legislation that unravels essential protections of Americans’ online privacy. Unfortunately, with the leadership in place in the White House, Congress, and the Federal Communications Commission (FCC), these kinds of mandates will only become more commonplace. We will continue to monitor these efforts and comment as necessary in collaboration with the CTO’s office, but we also welcome your feedback and suggestions on these crucial matters.”

This is not the first time Roest and her colleagues have positioned themselves in opposition to the Trump administration on this issue. Earlier this month, Roest issued a statement along with Chief Technology Officer Miguel Gamiño on the repeal of federal internet privacy protections, calling the legislation “unconscionable.”

“We are prepared to fight these atrocious invasions of privacy wherever and whenever we can,” reads the statement. “We will continue to implement strict privacy policies for public wi-fi directly provided by the City, such as LinkNYC.”

“This law serves no one except the multi-national corporations that lobbied for it,” they conclude. “It’s clear that the President and congressional Republicans may be willing to put everyday Americans’ personal information up for sale. New York City is not.”

In their statement, Roest and Gamiño announced their intention to create an Internet Health and Human Rights working group.

In the hearing Monday, Roest pointed to the new privacy policy for LinkNYC, the free wi-fi kiosks popping up all over the city, as an example of one of the strongest possible privacy policies for a public wi-fi service.

The vendor that supplies the city with LinkNYC kiosks, CityBridge, updated the LinkNYC privacy policy in March after consumer and privacy advocates drew the public’s attention to gaping holes in the original policy more than a year ago. Roest said that the new policy was written in cooperation with the City and according to their demands.

In addition to enforcing stricter privacy policies for city services like LinkNYC, Gamiño also said that city officials are looking into how they can step in and regulate ISPs.

“We worked with the Council to the Mayor to initiate a comprehensive legal review of the city’s authority to protect New Yorkers’ privacy when connected to the internet,” Gamiño said. “Specifically this review includes an evaluation of the authority the city may have over the privacy policies of internet service providers, how and to what extent the city is exercising this authority currently, and whether the city can expand the exercise of its available authority to achieve at minimum the privacy protections for internet service consumers that Congress and the President have recently repealed.”

New York City is not alone in the effort to step in and fill the gap in privacy protections left by the repeal of the FCC rules. A number of states are rushing to draw up privacy bills to protect their residents, James Willcox reported for Consumer Reports. In New York State, Democratic Senator Timothy Kelly has introduced a bill to prohibit ISPs from selling users’ browsing history or other identifying information to third party companies, and a second bill would require ISPs to keep user data confidential without written consent.