Yesterday, TechFreedom filed an amicus brief urging the U.S. Court of Appeals for the Sixth Circuit to set aside the FCC’s 2024 Data Breach Reporting Requirements Rule. In 2017, Congress used the Congressional Review Act (CRA) to nullify the FCC’s Broadband Privacy Order, which contained the 2016 Data Breach Notification Rule. Although the CRA prohibits the FCC from reissuing the rule or any similar rule, the FCC is forging ahead with the data breach notification rule—despite clear congressional disapproval.

“Despite Congress’s clear directive to abandon it, the FCC pushes forward with the Data Breach Reporting Rule,” said Andy Jung, Associate Counsel at TechFreedom. “The FCC twists the text of the CRA to obscure the fact that the 2024 Rule is substantially the same as, and functionally identical to, the rule Congress rejected in 2016. This is not how regulatory agencies should respond when rebuked by the people’s representatives.”

“The FTC’s restrained regulatory approach to children’s advertising post-1980 should serve as a model here—in stark contrast to the current-day FCC.” Jung concluded. “Congress rejected the ‘KidVid’ rule in 1980, and the FTC has never sought to reissue any substantially similar rules. The FCC’s response has been antithetical: it flouts the will of Congress by reissuing a rejected rule.” 

The case is Ohio Telecom Association v. FCC, No. 24-3133 (6th Cir.).


Find this brief and release on our website, and share it on Twitter, Bluesky, Mastodon, Facebook, and LinkedIn. We can be reached for comment at Read our related work, including:

About TechFreedom:

TechFreedom is a nonprofit, nonpartisan technology policy think tank. We work to chart a path forward for policymakers towards a bright future where technology enhances freedom, and freedom enhances technology.