The Broadband Industry Is Suing Maine Over a Web Privacy Law

The broadband industry is suing Maine to stop a web-browsing privacy law similar to the one killed by Congress and President Donald Trump in 2017. Industry groups claim the state law violates First Amendment protections on free speech and the Supremacy Clause of the US Constitution.


This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more. Ars is owned by WIRED’s parent company, Condé Nast.

The Maine law was signed by Democratic governor Janet Mills in June 2019 and is scheduled to take effect on July 1, 2020. It requires ISPs to get customers’ opt-in consent before using or sharing sensitive data. As Mills’ announcement in June said, the state law “prohibits a provider of broadband Internet access service from using, disclosing, selling, or permitting access to customer personal information unless the customer expressly consents to that use, disclosure, sale or access. The legislation also prohibits a provider from refusing to serve a customer, charging a customer a penalty or offering a customer a discount if the customer does or does not consent to the use, disclosure, sale or access of their personal information.”

Customer data protected by this law includes web-browsing history, application-usage history, precise geolocation data, the content of customers’ communications, IP addresses, device identifiers, financial and health information, and personal details used for billing.

Home internet providers and wireless carriers don’t want to seek customer permission before using web-browsing histories and similar data for advertising or other purposes. On Friday, the four major lobby groups representing the cable, telco, and wireless industries sued the state in US District Court for the District of Maine, seeking an injunction that would prevent enforcement of the law.

ISPs Claim Law Violates Speech Rights

The state law “imposes unprecedented and unduly burdensome restrictions on ISPs’, and only ISPs’, protected speech,” while imposing no requirements on other companies that deliver services over the internet, the groups wrote in their lawsuit. The plaintiffs are America’s Communications Association, CTIA, NCTA, and USTelecom. They wrote:

Maine cannot discriminate against a subset of companies that collect and use consumer data by attempting to regulate just that subset and not others, especially given the absence of any legislative findings or other evidentiary support that would justify targeting ISPs alone. Maine’s decision to impose unique burdens on ISPs’ speech—while ignoring the online and offline businesses that have and use the very same information and for the same and similar purposes as ISPs—represents discrimination between similarly situated speakers that is impermissible under the First Amendment.

The law allegedly violates the First Amendment because it “limits ISPs from advertising or marketing non-communications-related services to their customers; and prohibits ISPs from offering price discounts, rewards in loyalty programs, or other cost-saving benefits in exchange for a customer’s consent to use their personal information,” the lawsuit claims.

“The Statute thus excessively burdens ISPs’ beneficial, pro-consumer speech about a wide variety of subjects, with no offsetting privacy-protection benefits,” the complaint continues. “At the same time, it imposes no restrictions at all on the use, disclosure, or sale of customer personal information, whether sensitive or not, by the many other entities in the internet ecosystem or traditional brick-and-mortar retailers, thereby causing the Statute to diverge further from its stated purpose.”

The trade groups also say Maine’s law violates the US Constitution’s Supremacy Clause, which gives federal law priority over state laws that conflict with US law. The Maine law “violates the Supremacy Clause because it allows consumers to dictate (by opting out or declining to opt in) when ISPs can use or disclose information that they must rely on to comply with federal law, rendering ‘compliance with both’ state and the foregoing federal laws ‘impossible,'” the trade groups claimed.

Ongoing Battle Against State Laws

The lawsuit is part of a larger battle between ISPs and states that are trying to impose regulations stronger than those enforced by the federal government. One factor potentially working against the ISPs is that the Federal Communications Commission’s attempt to preempt all current and future state net neutrality laws was blocked by a federal appeals court ruling in October 2019.

The FCC claimed it could preempt state net neutrality laws because state-imposed rules would subvert the federal policy of non-regulation. Similarly, the new lawsuit against Maine claims the state privacy law conflicts with the Congressional decision to eliminate the Obama-era FCC’s broadband rules, and it cites the Trump-era FCC’s view that ISPs’ privacy practices shouldn’t be regulated any differently than those of other online businesses.

But while the FCC was allowed to eliminate its own net neutrality rules, judges said the commission “lacked the legal authority to categorically abolish all 50 States’ statutorily conferred authority to regulate intrastate communications.” When it defends its privacy law against the industry lawsuit, Maine would likely argue that it has authority to regulate broadband-industry practices that the federal government has chosen not to regulate.

This story originally appeared on Ars Technica.

More Great WIRED Stories

Read More