State legislators around the country are introducing, debating, and voting on bills that would restore the privacy rights that Congress and President Trump took away last month when they overturned the FCC’s privacy rules for Internet service providers (ISPs). This trend amounts to a broad rebellion against DC policymakers and their sacrifice of Americans’ individual interests to benefit a small number of cable and Internet companies.
As we explained when they were being developed, the FCC’s rules would have prevented ISPs from sharing your browsing history with advertisers, forced ISPs to be clear about what information they’re collecting, required ISPs to take reasonable steps to protect your data from hackers, and prohibited companies from completely conditioning service on providing consent to share personal information. But, using a novel legislative tactic (the “Congressional Review Act”), the House and Senate majorities voted to eviscerate the privacy rules, and to his discredit President Trump signed the measure instead of vetoing it.
From the moment the rules were undone, our phones here at the ACLU (and at the offices of many of our allies) began ringing off the hook with queries from the states, all asking the same question: how can we act at the state level to restore the protections that the congressional majorities have destroyed? A Huffington Post/YouGov poll found that an astonishingly high 83% of Americans — including 82% of Democrats and 84% of Republicans — agree that telecom and cable companies “should not be allowed to share personal information about customers, such as their web browsing history, without first getting customers’ permission.” Internet activists are gearing up to make the vote an election issue in 2018.
So it’s not surprising that a movement to give control back to Internet subscribers has arisen in the states. So far we’ve seen bills introduced in at least 17 states that we know of—states large and small, northern and southern, liberal and conservative. And we’ve heard of legislative interest in many others—most significantly, perhaps, California, which because of its enormous population (nearly 1 in 8 Americans is a Californian) could prove to be a strong factor in tipping the nation back towards sensible privacy protections.
While the bills introduced so far take different approaches, and inevitably some are better than others, they all seek to increase Americans’ say over when or if an ISP can sell their personal information, such as browsing history, that can reveal deeply personal things about someone’s life and in some cases can be used in harmful and discriminatory ways. Some of the proposed bills would actually provide stronger privacy protections than the FCC regulations would have—for example by prohibiting not just the use of information without consent, but also its collection, or by setting rules that block ISPs from making people pay extra for their privacy. These are things that we unsuccessfully urged the FCC to adopt in its original rules, and it’s great to see moves in the states to fill those gaps.
We have created a roundup of the proposed state legislation that we know about, which can be found here.
According to the National Conference on State Legislatures, two states, Nevada and Minnesota, have some form of pre-existing ISP privacy protections in place. If Americans make their voices heard, strong protections will hopefully again one day be on track to cover the entire nation.