With the recent repeal of the Federal Communications Commission’s internet privacy rules, several states are taking a stab at protecting customer data, resulting in new legislative battlefronts.
If the federal government isn’t going to tighten up privacy rules for internet service providers, some states are ready to try.
According to a recent analysis by the National Conference of State Legislatures, lawmakers in 21 states have introduced measures that would restrict the ways ISPs collect and use customers’ personal information. The bills began to emerge earlier this year after Congress repealed privacy rules implemented by the Federal Communications Commission in the waning months of the Obama administration. Both the initial rulemaking and the repeal proved controversial.
State-level regulations reflect that controversy. Nevada and Minnesota have ISP privacy regulations set into law. But it’s the tech hotbed of California that seems to be driving much of the debate.
The California Broadband Internet Privacy Act, introduced by Assemblymember Ed Chau, would require internet users to opt in to ISPs’ data-collection practices. In comments to Bloomberg, Chau hinted that if the measure passes, it will affect ISP policies around the country.
“We want to set the pace,” said Chau, the chair of the assembly’s Privacy and Consumer Protection Committee. “And we hope to be the leader when it comes to privacy protections.”
Industry groups such as CompTIA, TechNet, the Bay Area Council, and the California Chamber of Commerce oppose the measure, according to the International Business Times. So does the Association of National Advertisers, whose executive vice president for government relations, Dan Jaffe, wrote in a blog post that the bill “would create broad adverse precedents” and was unnecessary.
“Consumers’ online privacy is already being protected—and will continue to be protected—at the federal level,” Jaffe wrote. “If at some point the FCC overturns its net neutrality rule, which stripped the [Federal Trade Commission] of its ability to police the privacy practices of ISPs, then the FTC will again have full authority to oversee all privacy abuses. There simply is no gap in federal authority that warrants Balkanized privacy regulation at the state level.”
In comments to Bloomberg, policy attorney Chris Conley, who works with the American Civil Liberties Union of Northern California, argued that the California bill is gaining steam as a result of federal inaction.
“If we can get a strong model that is workable, then it’s something that can be adopted elsewhere,” Conley said. “We would still prefer that the federal government be the one driving this. But they’re not.”
There is some action in Congress on the issue. In May, Rep. Marsha Blackburn (R-TN) introduced legislation that would bar states from passing privacy rules of their own. And while it would revive internet privacy rules at a federal level, it would apply those rules to both ISPs and “edge providers,” such as search engines and other websites. The bill has yet to gain bipartisan support and has drawn opposition from internet and advertising groups.