The broadband industry is suing Maine to stop a web-browsing privacy law similar to the one killed by Congress and President Donald Trump in 2017. Industry groups claim the state law violates First Amendment protections on free speech and the Supremacy Clause of the US Constitution.
This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more. Ars is owned by WIRED’s parent company, Condé Nast.
The Maine law was signed by Democratic governor Janet Mills in June 2019 and is scheduled to take effect on July 1, 2020. It requires ISPs to get customers’ opt-in consent before using or sharing sensitive data. As Mills’ announcement in June said, the state law “prohibits a provider of broadband Internet access service from using, disclosing, selling, or permitting access to customer personal information unless the customer expressly consents to that use, disclosure, sale or access. The legislation also prohibits a provider from refusing to serve a customer, charging a customer a penalty or offering a customer a discount if the customer does or does not consent to the use, disclosure, sale or access of their personal information.”
Customer data protected by this law includes web-browsing history, application-usage history, precise geolocation data, the content of customers’ communications, IP addresses, device identifiers, financial and health information, and personal details used for billing.
Home internet providers and wireless carriers don’t want to seek customer permission before using web-browsing histories and similar data for advertising or other purposes. On Friday, the four major lobby groups representing the cable, telco, and wireless industries sued the state in US District Court for the District of Maine, seeking an injunction that would prevent enforcement of the law.
ISPs Claim Law Violates Speech Rights
The state law “imposes unprecedented and unduly burdensome restrictions on ISPs’, and only ISPs’, protected speech,” while imposing no requirements on other companies that deliver services over the internet, the groups wrote in their lawsuit. The plaintiffs are America’s Communications Association, CTIA, NCTA, and USTelecom. They wrote:
The law allegedly violates the First Amendment because it “limits ISPs from advertising or marketing non-communications-related services to their customers; and prohibits ISPs from offering price discounts, rewards in loyalty programs, or other cost-saving benefits in exchange for a customer’s consent to use their personal information,” the lawsuit claims.
“The Statute thus excessively burdens ISPs’ beneficial, pro-consumer speech about a wide variety of subjects, with no offsetting privacy-protection benefits,” the complaint continues. “At the same time, it imposes no restrictions at all on the use, disclosure, or sale of customer personal information, whether sensitive or not, by the many other entities in the internet ecosystem or traditional brick-and-mortar retailers, thereby causing the Statute to diverge further from its stated purpose.”