Internet Providers in Maine Will Soon Have To Get Consent Before Selling Customer Data
Internet service providers gobble up a disconcerting amount of information about you—your browsing history, your geolocation information, your financial information, and a lot (a lot) more. There have been many attempts to pass state-level bills that prevent ISPs from selling this type of data—since Republicans in Congress eliminated federal protections in 2017—but nearly all of them have failed, which makes the passage of a bill in Maine a significant milestone for privacy advocates.
The Maine Senate voted unanimously in favor of the bill, LD 946, which requires ISPs to get consent from customers before they can use, disclose, sell or permit access to their personal information, with only a few exceptions. Having already passed the Maine House in a 96-45 vote, the bill now goes to Governor Janet Mills for her signature.
According to the legislation, this personal information includes their name, billing information, Social Security number, demographic data, web browsing and app usage history, precise geolocation information, financial information, health information, and information on their children. And that’s not an exhaustive list of the personally identifying information, or PII, ISPs need consent to hand over to a third party.
The bill also states that ISPs can’t penalize customers who don’t give them this consent, prohibiting them from refusing a customer service or charging them a penalty for failing to do so. Alternately, a provider is also not allowed to try to entice a customer with a discount in return for their consent, according to the bill.
There are a few instances in which a provider can disclose a customer’s data without their consent—when it’s required to provide a service, to advertise its own communications services to the customer, to comply with a court order, to manage payments for their service, and to protect a user from misconduct involving the use of their services. What’s