Lynn Boyden, an information architect in web services at the University of Southern California, displays a dating website on her computer screen. A California initiative aims to enact state laws prohibiting internet service providers from sharing private information.
When President Donald Trump signed the repeal of Obama-era internet service provider privacy rules last year, states rushed in to craft privacy legislation of their own. But most of those 2017 and 2018 bills have floundered, done in by the same business and industry forces that opposed the federal rules.
The Obama-era rules were intended to restrict internet service providers from selling or disseminating users’ personal information without permission. But industry representatives said those rules were burdensome and would stifle innovation and curb growth. Trump agreed.
States lined up to step into the breach. About half the states filed bills this year or last to address some or all of the internet privacy rules that were scrapped with Trump’s signature. But few have passed so far, and the ones that have mostly address small pieces of the privacy pie rather than taking comprehensive action.
“At the federal level you have more of people pushing big idea initiatives that are broad,” said Chris Nolen, a Virginia attorney and lobbyist who follows internet privacy issues and blogs about the issue. “The states are more driven to solving an immediate problem instead of imposing across-the-board requirements or protections across topical areas.”
In the states, broad-based consumer bills on internet privacy and net neutrality (requiring all content to be treated equally by internet providers) failed or are still pending as legislative sessions wind down. And the legislation that did pass, in states such as Virginia and Oregon, was limited.
The U.S. Senate last week voted to reinstate the Obama-era net neutrality rules the Federal Communications Commission rolled back late last year, but the measure faces an uphill battle in the House, not to mention a possible veto by Trump.
California, for example, considered reinstating Obama-era rules requiring internet service providers to disclose to users what personal information they possess, and barring them from selling or disseminating that information without permission.
But the California Chamber of Commerce, representing internet providers and telecommunications companies, opposed the legislation. In a letter to lawmakers, the group said the bill “will create a cumbersome, uncertain, and vague regulation of internet providers in California.”
“This single-state approach is antithetical to the forward-looking policies that have made California a world leader in the Internet Age,” the letter stated. “California has so much at stake and cannot afford to get this wrong.”
The bill stalled.
“The problem is they are afraid of regulation,” said state Sen. Hannah-Beth Jackson, chairwoman of the California Senate Judiciary Committee. “They make a ton of money from aggregating people’s information and selling it.”
True to California tradition, a group of consumer activists has mounted a campaign to get the issue on the California ballot. Backed by San Francisco housing financier Alastair Mactaggart, the group has raised $2.4 million so far. Opponents, led by the chamber and internet giants, have raised about $1 million, according to Ballotpedia, which tracks referenda and initiatives.
Facebook contributed $200,000 to opposing the initiative. But in mid-April, after CEO Mark Zuckerberg testified before Congress on Russian infiltration of his social media site, the company dropped its opposition to the ballot measure.
“We took this step in order to focus our efforts on supporting reasonable privacy measures in California,” Facebook officials said in a statement to California media.
Two states, Nevada this year and Minnesota in 2017, enacted laws requiring ISPs to keep customers’ information private, unless the customer gives permission to disclose the information, according to the National Conference of State Legislatures, which tracks legislation. Minnesota’s goes further, requiring ISPs to get permission before disclosing internet sites visited by online subscribers.
Oregon enacted a law in April that takes a step toward net neutrality by prohibiting state governmental entities from contracting with ISPs that throttle content.
In Virginia, a number of bills on internet privacy failed, including one that would have limited governmental procurement of ISPs to those that met requirements for neutrality and privacy. A broader bill that encompassed net neutrality and set overall privacy standards also was defeated in committee.
Virginia Sen. Jennifer Wexton, a Democrat who is running for Congress, sponsored the internet privacy bills. At a committee hearing in January, she implored lawmakers to support her bill for privacy and net neutrality.
“We are limited with what we can do at the state level, but one thing we can do is decide not to purchase from ISPs who do not adhere to net neutrality principles,” she said. “It is a basic consumer protection bill. If you love freedom, and you love privacy, and I know you do, you should love this bill.”
But after a parade of internet service companies came to the microphone to oppose her, the committee rejected the bill.
“The bill was killed because too many legislators are more interested in protecting corporate ISPs’ profits than their own constituents’ internet freedom and data privacy,” Wexton said.
“There was a long line of corporate lobbyists railing against the bill in my office and in committee, and no matching force speaking up for consumers.”