Fri, Sep 25, 2020
The new Maine data privacy law, that went into effect on July 1, 2020 stands to be one of the nation’s strictest for Internet Service Providers (ISP).. The law was upheld, despite formal complaints filed by ISPs in Bangor’s federal court, alleging that the impending rule violates their freedom of speech. U.S. District Court Judge Lance Walker ruled on Tuesday, July 7 that four industry associations failed to show how Maine’s internet privacy law violates the First Amendment and he rejected the argument that it conflicts with existing federal law.
Given the limited enforceability of the law on paper, this data breach law has caused significant friction.
“The statute’s speech restrictions are… too vague to comply with due process because they force ISPs to guess at the boundaries of those restrictions,” according to the complaint filed by ISPs. “The statute’s amorphous, broad, and open-ended restrictions will, therefore, chill ISPs’ protected First Amendment speech.”
US Telecom – a telecom lobby, which represents AT&T, Verizon, Comcast, and others – objected Maine’s law, fearing that it will become part of a “patchwork” of laws regulating ISP actions. They fear the rules will confuse consumers who are used to buying internet connections in multiple states.
The new law – LD 946, or “An Act To Protect the Privacy of Online Customer Information” does the following:
ACLU Maine Advocacy Director Oamshri Amarasingham praised the bill, declaring, “Today, the Maine legislature did what the U.S. Congress has thus far failed to do, and voted to put consumer privacy before corporate profits.”
One of the most-discussed consumer protection laws passed in recent years is the California Consumer Privacy Act (CCPA). The Maine Opt In Data privacy law is different from the CCPA in several notable ways:
Currently, it is not clear how the law will be enforced. The Legislature considered, but failed to pass, an amendment that would have given the Office of the Maine Attorney General the authorization to hire enforcement officers. Though the law will be incorporated into the statutes governing public utilities, the Maine Public Utilities Commission has not been granted jurisdiction to enforce the law either. Maine Courts could allow private causes of action against ISPs, but it will take a precedent to set the tide of mass torts in motion.
Other states have debated but failed to enact similar legislation. The recent ruling in favor of Maine’s privacy law will likely impact how other states wade through the waters of consumer data privacy in the coming years.
Kroll is the leader in complex settlement administration providing end-to-end expertise for class actions, mass torts, and regulatory and government administrations.
End-to-end notice and administration solutions for data breach and privacy matters.