Maine Enacts Internet Privacy Legislation to Go Into Effect Next Year

Written by: Anthony E. Stewart, Esq.

California and New York are not the only states making waves in the world of technology and privacy.  Earlier this month, Governor Janet Mills of Maine signed into law one of the nation’s strictest internet privacy protection bills – An Act To Protect the Privacy of Online Customer Information.

It is crucial to point out that unlike California’s Consumer Privacy Act or the Europe Union’s General Data Protection Regulation (GDPR), this legislation deals specifically with internet privacy and protection.  Specifically, it only applies to broadband internet service providers, and it does not impose additional rules or regulations on other types of companies.  With that said, it would be a mistake to downplay the significance of this new law.

Currently, throughout most of the United States, internet providers (such as AT&T, Charter, Comcast, and many, many others) routinely track and collect digital information about their customers.  The data collected includes customers’ web browsing history (yes, even when in private or incognito mode!), app usage, location history, and financial information.  This information is then shared with third parties to serve sophisticated targeted advertisements.  While customers, in return, may start receiving more relevant ads, most have no idea that this sort of surveillance occurs, much less the extent of its intrusiveness.

In 2016, the Federal Communications Commission (FCC) approved broad new privacy rules that would have required internet providers to obtain permission from customers before tracking and selling their digital information. However, before these new privacy rules took effect, Republican lawmakers used the Congressional Review Act to roll back the privacy rules, which was then signed by President Donald Trump officially repealing the regulations.  As a result, about half the states introduced measures in 2018 in an attempt to address this issue.  Unfortunately, the majority of these measures have failed to gain traction.

Currently, Nevada and Minnesota require internet service providers to keep certain information concerning their customers private, unless the customer permits the disclosure of his or her information. Both states prohibit disclosure of personally identifying information, but Minnesota also requires internet providers to obtain permission before disclosing information about the customers’ online surfing habits and internet sites visited. California’s Consumer Privacy Act also addresses this issue; however, it does not go into effect until 2020.

Maine’s new legislation is similar to the repealed FCC rules. It prohibits the use, sale, or distribution of a customer’s personal information by internet providers without the express consent of the customer.  It also bans a provider from refusing to serve a customer, charging a customer a penalty or offering a customer a discount if the customer does or does not consent to the use, disclosure, sale or access of his or her personal information.

This new law will go into effect on July 1, 2020, which will allow internet providers time to adjust their practices.