States Propose Legislation to Address ISP Privacy Concerns

In response to the United States’ vote to block the FCC’s regulations governing ISPs and consumer privacy, many state legislatures are taking action. Since the vote last week, we’ve seen numerous states introducing their own measures to enact consumer privacy protections since the federal governemnt failed to do so. Below is a quick rundown of who is doing what:

• Minnesota: Leading the pack, Minnesota pushed out legislation almost instantly which prohibits ISPs from selling personal user data without explicit consent from the user. The legislation was an amendment to the economic development budget bill, and described as “urgently needed”  to protect privacy of the state’s residents.
• Montana: Montana added a provision to a budget bill that stops ISPs from “being awarded state contracts if they collect data from their customers without consent.” This has been described as similar to the Minnesota legislation.
• Illinois: An Illinois House committee showed support for two measures related to online privacy. The measures enable people to obtain details about what type of information companies are collecting on them, and whom they are sharing it with. They also classify what type of data is “highly sensitive” to offer additional protections.
• Massachusetts: Massachusetts lawmakers have filed legislation to stop ISPs in the state from selling customer browsing history or personal data without explicit permission.
• California: California already had a provision in place since 2005 which allows consumers to find out what information is collected on them and whom it is shared with.
• Washington State: The Washington Internet Privacy ACT (SB 5919) was proposed, which stops ISPs from collecting information without permission.
• Kansas: Kansas introduced legislation to stop ISPs from selling consumer information without consent.
• Maryland: In Maryland, the Democrats put forth a bill to project consumer privacy, but the Republican caucus of the House of Delegates blocked the bill’s introduction from going forward. This again illustrates the issue as being defined along party lines.

It’s encouraging to see states stepping up to address an issue they feel wasn’t adequately addressed at the federal level, as well as taking initiative to protect consumer privacy. We saw something similar happen with Apple during the encryption debate last year, where states stepped in to protect strong encryption in the absence of a federal law to protect these rights. We’ll be interested to see what additional states join this effort in the coming weeks.