Flake's announcement said he's trying to "protect consumers from overreaching Internet regulation." Flake also said that the resolution "empowers consumers to make informed choices on if and how their data can be shared," but he did not explain how it will achieve that. The privacy order had several major components. The requirement to get the opt-in consent of consumers before sharing information covered geo-location data, financial and health information, children's information, Social Security numbers, Web browsing history, app usage history, and the content of communications. This requirement is supposed to take effect on December 4, 2017. The rulemaking had a data security component that required ISPs to take "reasonable" steps to protect customers' information from theft and data breaches. This was supposed to take effect on March 2, but the FCC under newly appointed Chairman Ajit Pai halted the rule's implementation. Another set of requirements related to data breach notifications is scheduled to take effect on June 2. Flake's resolution would prevent all of those requirements from being implemented. He said that this "is the first step toward restoring the [Federal Trade Commission's] light-touch, consumer-friendly approach." Giving the FTC authority over Internet service providers would require further FCC or Congressional action because the FTC is not allowed to regulate common carriers, a designation currently applied to ISPs.
