Last year, the bill requiring that Internet service providers get permission to pass data to third parties failed in the Senate by one vote. This iteration narrows that scope to privacy protection, leaving out the issue of net neutrality.
(TNS) — A bill going before a legislative committee Tuesday would require Maine Internet service providers to receive customers’ consent before sharing or selling their data to third parties.
Rep. Shenna Bellows, D-Manchester, is re-introducing a version of privacy legislation she sponsored last year. The bill, which has drawn bipartisan support, would put Maine in the vanguard of states trying to protect consumer privacy online.
So far, only Minnesota has a similar law on the books, after federal regulators and Congress have refused to require ISPs to protect customers’ data. Bellows’ bill failed to pass the Senate last year by one vote.
“You pop a letter into the mailbox, you would never assume that the contents of your letter then belong to the U.S. Postal Service,” Bellows said. “But that’s exactly what the feds have said to the Internet service providers. Under the current law anything you transmit over the Internet belongs to your Internet service provider.”
Bellows said while much of that data may be encrypted, it still belongs to the person who created it, whether it’s an email address or an online bank record or a history of the web pages a person has been surfing.
Lawmakers on the Legislature’s Energy, Utilities and Technology Committee will hold a work session and vote on the bill Tuesday. The bill would require companies that provide Internet services in Maine to receive written consent from customers before they could sell or share data.
The measure is known as an “opt-in” law requiring consumers to provide affirmative permission to sell or share their data, as opposed to laws that would allow a consumer to opt-out by asking an ISP to not share their data.
The measure is similar to a bill that Bellows sponsored in 2018 that also took on the issue of net neutrality, which requires ISPs to treat all data fairly, including with regard to transmission speeds.
Bellows said her current bill narrows the focus to privacy protection only, to avoid arguments that the state is trying to regulate interstate commerce, which is strictly the domain of the federal government.
Bellows said her bill would apply only to companies that provide Internet services to people in Maine.
Sen. Stacey Guerin, R-Glenburn, a co-sponsor of the bill, said states cannot wait for Congress to catch up. She said the legislation restores control of personal information to the consumer.
“Internet providers have access to some of our most personal information, including browsing history, location history and contacts,” Guerin said. “Taken together, this data could paint an intimate picture of a person’s religion, medical conditions, and even their hobbies.”
But opponents to the bill, including lobbyists for some of the nation’s largest telecommunications companies or associations, argued against the measure at a public hearing last week.
They said the bill adds to an already complex patchwork of state laws that attempt to regulate the Internet, increasing costs for businesses and consumers. They said most Internet service providers have vowed to protect privacy, even though they are not legally required to do so, or to even disclose if they have shared any of their customers’ data under federal law.
In written testimony to the committee, Patrick Halley, a lobbyist for USTelecom, an association of U.S. broadband providers, said the state law also would likely face legal hurdles.
“Adding to the current patchwork of state and sector-specific privacy laws would be counterproductive, as it would provide neither clear, consistent protections nor certainty for businesses,” Halley wrote. The bill, he wrote, “goes beyond bad policy; the bill likely would be unlawful if enacted.”
But an executive from GWI, a Maine-based ISP, said the law was needed, responsible and necessary. Fletcher Kittridge, the company’s CEO, said companies have a moral obligation to protect privacy.
He said because access to the Internet has become a necessity of modern life, much like access to telephone services or electricity, ISPs are essentially public utilities and should be treated that way.
“We have long had laws that require public utilities to provide clean water, safe and reasonably priced power, safe roads, and good ferry service,” Kittridge wrote in his testimony in support of the bill. “It is certainly true that a telephone utility cannot sell your private data, and the power company probably can’t either.”
After the committee vote, the measure will go to the floor of the Legislature.
©2019 the Portland Press Herald (Portland, Maine). Distributed by Tribune Content Agency, LLC.
Never miss a story with the daily Govtech Today Newsletter.