In October 2016, the Federal Communications Commission in a 3-2 party-line vote adopted privacy rules for internet service providers. The rules imposed an opt-out standard, except for financial information, health information, precise geolocation information (as from your phone GPS), social security numbers, information relating to children, web browsing history, app usage history, and the content of communications. Last spring, Congress reversed those rules under the Congressional Review Act.
Now the state of Maine has passed ISP privacy legislation (S.P. 275) imposing an opt-in requirement for disclosing, selling or permitting access to customer personal information unless the customer expressly consents to that use, disclosure, sale or access effective July 2020.
The bill also (i) prohibits a provider from refusing to serve a customer, charging a customer a penalty or offering a customer a discount if the customer does or does not consent to the use, disclosure, sale or access; and (ii) requires providers to take reasonable measures to protect customer personal information from unauthorized use, disclosure, sale or access. The law provides certain exceptions where consent is not required such as to communicate with the subscriber; fraud protection; emergency services; and compliance with court orders.
The bill’s sponsor, Sen. Shenna Bellows stressed that
Internet privacy has become such a critical issue across our country and our state. Mainers need to be able to trust that the private data they send online won’t be sold or shared without their knowledge. This law makes Maine first and best in the nation in protecting consumer privacy online.