Maine’s ‘Opt-In’ Privacy Law
Maine’s privacy law, passed in 2019, is considered to be one of the most stringent and consumer-oriented in the United States, alongside others like the CCPA (California Consumer Privacy Act). What separates the two is the difference between consumer “opt-in” and “opt-out.” The new opt-in privacy law explicitly prohibits ISPs from using, disclosing, selling, and accessing customers’ personally identifiable information without their permission. Such information includes customers’ browsing history, application usage history, precise location, IP address information, financial information, information about a customer’s children, unique device identifiers, and more. Maine legislation states that even information not considered personal information cannot be subject to any action by an ISP upon written notice by a customer. ISPs may only act on information under the conditions of protecting users or providers from unlawful use of such services, providing essential services such as geolocation for emergencies, providing basic product advertising, and complying with court orders. ISPs are also obliged by law to provide their customers a “clear, conspicuous and nondeceptive” notice of their obligations and customer rights at every point of sale. The state of Maine also enacted a groundbreaking facial recognition privacy standard last year that is considered to be the most stringent of its kind in the US.
Industry Lawyers Tried to Dismantle ACA Connects v. Frey
Maine lawyers have been defending the law from major telecommunications plaintiffs in court for over two years. The case is called “ACA Connects v. Frey.” ISP lobby groups that opposed the law included America’s Communications Association, the Cellular Telecommunications and Internet Association, the National Cable and Telecommunications Association, and USTelecom. Industry lawyers dropped the lawsuit on Sept. 2, 2022, which claimed that the law violated ISP’s First Amendment rights by imposing heavy restrictions on their operations and free speech. However, federal judge Lance Walker said lawyers failed to demonstrate how the law breaches the First Amendment and conflicts with existing federal law. Consequently, industry lawyers also agreed to reimburse the state of Maine for over $55,000 in costs incurred for defending the law. Some of the US’s biggest telecommunications providers launched “an army of industry lawyers organized against us [the law],” Maine Attorney General Aaron Frey said. Non-profit organizations such as Maine’s ACLU (American Civil Liberties Union), the EFF (Electronic Frontier Foundation), and the CDT (The Center for Democracy and Technology) also publicly and legally worked to defend the law. Now, “Maine people can access the internet with the knowledge and comfort that their personal information cannot be bought or sold … without their express approval,” Maine governor Janet Mills said, adding that such a law should be “common sense.”
Privacy Laws Under Each US Administration
Privacy laws and regulations are subject to change in the US, depending on the administration. The Biden administration is considered to be privacy-conscious with Vice President Kamala Harris in tow and several bills instated from 2018 onwards that aim to protect the privacy of American consumers. On the other hand, in 2017, the Trump administration nullified a similar bill that aimed to protect customers introduced during President Obama’s tenure from ISP-related privacy breaches. Maine’s new law now restores these customer privacy conditions to their full glory, and could be the push needed to “pave the way for other states that can follow,” Frey added. If you live in a state (or country) where privacy laws aren’t as consumer-friendly, there are ways to protect your data from ISPs and other third parties, such as using a VPN on all of your devices. You could also benefit from learning about browser fingerprinting and, while you’re at it, take our online anonymity test to see what data about you is being leaked.