About two years ago, the United States Senate voted in favor of Senate Joint Resolution 34, essentially enabling internet service providers (ISPs) to sell personal consumer information—location history and browsing data—to the highest bidder.
That’s despite the bill’s robust opposition, which brought together journalists, privacy advocates, and even ISPs themselves. Unsurprisingly, those championing and lobbying for the bill were deep-pocketed corporations: Verizon, Comcast, AT&T, and the like.
S.J. Res 34, which was later signed into law by President Trump, effectively snatched away the responsibility of internet privacy from the Federal Communications Commission (FCC) and made it impossible for the federal body to mandate on it in the future.
And the legislation came into effect just before the FCC could implement its own privacy rules on ISPs, which would have required them to be transparent over the data they collected, how they used it, and whether they intended to share it. ISPs would have had to get the express consent of their users before storing or tracking any personal records. Thanks to S.J. Res 34, this right was taken away.
The legislation may seem Orwellian, but all is not lost. Lawmakers in Maine, a state of about 1.3 million residents, recently passed a bill to stop ISPs from distributing personal data without permission.
The bill, called An Act to Protect the Privacy of Online Customer Information, compels all ISPs operating in the state to obtain consent from residents before selling personal information to advertisers or other third parties.
“As a Maine resident, I’m pleased to see that the government I vote for is taking steps to help protect people’s privacy,” says Charlie Custer, a journalist who’s covered privacy issues in the past. “I think this is an area where much more action is needed, but this is an excellent first step. And after eight years of Republican obstructionism and stagnation, it’s also great to see Maine’s government taking action to do anything at all.”
Why is Maine’s ruling important?
While the actions of the Trump Administration may not suggest it, the fact is Americans value their privacy a great deal.
In a Pew Research study, 74% of Americans said it is “very important” for them to be in control of who can get information about them.
Of the respondents, 61% said they would like to do more to protect their privacy online and 64% believed that advertisers need to be subjected to more regulatory measures. Only 9% of all survey respondents believed social media companies do enough to protect user data, with 80% stating concerns about advertisers and businesses accessing data on their online behavior.
The findings of this study were corroborated by another one conducted by Harris Polls. The market research firm found that data privacy is the most pressing social issue that Americans want companies to address, ranking higher than healthcare and job creation.
It’s not hard to see why. As telecommunication companies brazenly disregard ethics and enable spurious practices, the fight for privacy will escalate well into the future.
And if legislators continue to ignore the real demands of the people, this may become a bipartisan issue, as there’s no clear indicator that the fight for privacy is a more heavily liberal or conservative concern.
Can this lead to more privacy laws?
Maine’s legislation isn’t the first instance of a U.S. state trying to actively override the federal government on privacy issues.
The California Consumer Privacy Act of 2018 allows residents of the state to discover what information businesses hold about them, how they collect this information, and whether it’s shared with others. Similar to privacy rules in the EU, the law also gives residents the power to ask for their personal data to be deleted and prevent businesses from sharing the information with anyone.
The act doesn’t come into play until 2020, but it’s a powerful piece of legislation that, in some ways, is even more stringent and pro-privacy than the EU’s GDPR.
The first tenet, for example, describes privacy as an “inalienable” right, along with expressly granting residents the right to control the use of their personal information.
However, it remains open to interpretation whether the laws will also apply to ISPs operating in California or just regular businesses like e-commerce companies, health care firms, and financial institutions.
Other states, such as Nevada, Delaware, and Oregon have similar legislation in place requiring websites and online businesses to clearly state the information it collects on individual visitors as well as provide a clear process to review and request changes to said information.
It’s certainly possible, and quite likely, that more U.S. states will follow. Regulation of the tech sector is, after all, an important topic in the upcoming elections.
How can you take back control of your privacy?
Maine’s legislation is definitely a step in the right direction, but it only impacts 0.4% of the entire U.S. population.
ISPs are not openly selling their consumers’ data yet, but there’s nothing stopping them from doing so (other than bad press, of course).
If you’re skittish about these developments and don’t want companies getting your personal information, then a VPN is an excellent place to start.
VPNs are in the business of keeping your data private. That’s the fundamental reason for their existence.
If you browse the internet with a VPN, even your ISP cannot track what you’re doing online. And until privacy laws catch up, it’s the safest bet to ensure nosy corporations are kept at a safe distance.