The Broadband Industry Is Suing Maine Over a Web Privacy Law

The broadband industry is suing Maine to stop a web-browsing privacy law similar to the one killed by Congress and President Donald Trump in 2017. Industry groups claim the state law violates First Amendment protections on free speech and the Supremacy Clause of the US Constitution.

The Maine law was signed by Democratic governor Janet Mills in June 2019 and is scheduled to take effect on July 1, 2020. It requires ISPs to get customers’ opt-in consent before using or sharing sensitive data. As Mills’ announcement in June said, the state law “prohibits a provider of broadband Internet access service from using, disclosing, selling, or permitting access to customer personal information unless the customer expressly consents to that use, disclosure, sale or access. The legislation also prohibits a provider from refusing to serve a customer, charging a customer a penalty or offering a customer a discount if the customer does or does not consent to the use, disclosure, sale or access of their personal information.”

Customer data protected by this law includes web-browsing history, application-usage history, precise geolocation data, the content of customers’ communications, IP addresses, device identifiers, financial and health information, and personal details used for billing.

Home internet providers and wireless carriers don’t want to seek customer permission before using web-browsing histories and similar data for advertising or other purposes. On Friday, the four major lobby groups representing the cable, telco, and wireless industries sued the state in US District Court for the District of Maine, seeking an injunction that would prevent enforcement of the law.

ISPs Claim Law Violates Speech Rights

The state law “imposes unprecedented and unduly burdensome restrictions on ISPs’, and only ISPs’, protected speech,” while imposing no requirements on other companies that deliver services over the internet, the groups wrote in their lawsuit. The plaintiffs are America’s Communications Association, CTIA, NCTA, and USTelecom. They wrote:

Maine cannot discriminate against a subset of companies that collect and use consumer data by attempting to regulate just that subset and not others, especially given the absence of any legislative findings or other evidentiary support that would justify targeting ISPs alone. Maine’s decision to impose unique burdens on ISPs’ speech–while ignoring the online and offline businesses that have and use the very same information and for the same and similar purposes as ISPs–represents discrimination between similarly situated speakers that is impermissible under the First Amendment.

The law allegedly violates the First Amendment because it “limits ISPs from advertising or marketing non-communications-related services to their customers; and prohibits ISPs from offering price discounts, rewards in loyalty programs, or other cost-saving benefits in exchange for a customer’s consent to use their personal information,” the lawsuit claims.

“The Statute thus excessively burdens ISPs’ beneficial, pro-consumer speech about a wide variety of subjects, with no offsetting privacy-protection benefits,” the complaint continues. “At the same time, it imposes no restrictions at all on the use, disclosure, or sale of customer personal information, whether sensitive or not, by the many other entities in the internet ecosystem or traditional brick-and-mortar retailers, thereby causing the Statute to diverge further from its stated purpose.”