A judge has rejected the broadband industry’s bid to immediately throw out Maine’s new opt-in privacy law on the grounds that it conflicts with federal policy.
U.S. District Court Lance
Walker in Bangor also rejected broadband providers’ bid to immediately strike down the law on First Amendment grounds. But the ruling allows broadband providers to develop more evidence supporting
their claim that the law is unconstitutional.
The law, passed last year, requires broadband providers to obtain people’s consent before using web-browsing data for ad targeting.
“At this preliminary stage, plaintiffs have not done enough to show, on the face of the pleadings, an entitlement to judgment as a matter of law on their claim that Maine’s privacy
statute is a facially unconstitutional violation of the First Amendment,” Bangor wrote in a 20-page opinion issued this week.
The decision comes in response to the broadband industry’s
attempt to invalidate Maine’s new law. The measure largely replicates a set of privacy rules passed by the Obama-era Federal Communications Commission in 2016, but repealed by Congress the following
year.
The Maine law specifically prohibits broadband carriers from “using, disclosing, selling or permitting access to customer personal information” without people’s explicit
consent. It also prohibits carriers from either refusing service to people who don’t consent to tracking or charging different rates to people based on whether they consent to tracking.
The
measure only applies to companies that offer broadband access, like Comcast and AT&T, as opposed to search engines, social networking platform and other so-called “edge” providers.
A coalition of lobbying groups including ACA Connects — America’s Communications Association, CTIA — The Wireless Association, NCTA — The Internet & Television Association, and USTelecom —
The Broadband Association sued in February to strike down the
measure.
The organizations made several arguments, including that the law unconstitutionally restricts their right to access information, and wrongly subjects internet service providers to
tougher privacy standards than “edge” providers. The broadband carriers specifically said it was “irrational” to hold internet access providers to a different standard than
other businesses that draw on consumer data.
Walker rejected those arguments as premature.
Maine “has plenty of room to show through discovery — that its privacy statute does
not overshoot the mark,” he wrote.
“At this stage, the only evidence of ‘fit’ I have before me are plaintiffs’ allegations that the privacy statute is ‘both overinclusive and
underinclusive,’” he added. “This is not enough to award plaintiffs final judgment on the pleadings.”
The broadband groups also argued the law conflicts with Congress’s
decision to repeal the FCC’s 2016 privacy rules — which Congress accomplished by passing a “resolution of disapproval.”
Walker wrote that the resolution of disapproval didn’t in
itself create a new federal policy.
“After the joint resolution … Maine had the same freedom to legislate to protect its citizens’ privacy that it had before,” he
wrote.
A spokesperson for the NCTA — The Internet & Television Association said the group disagrees with the initial decision, and supports “technology-neutral” privacy
rules.
“Consumers expect — and deserve — the same meaningful privacy protections across the internet,” the spokesperson stated. “Broadband providers are united in support
of a comprehensive national privacy framework that puts consumers first and applies to all companies, including all those operating online, in a uniform and technology-neutral manner.”
The broadband industry (and other business groups) have often argued that internet access providers shouldn’t be subject to tougher privacy rules than companies like Facebook or Google.
But
privacy advocates say there are good reasons to treat broadband access providers differently — including that the companies have comprehensive access to information about subscribers’ web
activity.