The Maine legislature has voted to approve an online privacy bill, which now goes to governor Janet Mills for her signature.
The bill, "An Act to Protect the Privacy of Online Customer Information," which passed unanimously, applies only to ISPs. Such provider may not use, disclose, sell or allow access to customer personal information without the consent of the customer--opt in--and may not refuse service to those who don't consent to such sharing or charge more for customers who don't allow that use.
ISPs can do all that with non-personal information unless the customer disallows it (opt out).
There are plenty of exceptions, for: provision of access service, to market service to that customer, to prevent fraud and abuse, or to provide geolocation info for emergency services, for relatives in the case of risk of death or serious harm to the customer, to provide emergency services.
The bill includes requirements for clear notice of terms of service and reasonable measures to protect personal info from unauthorized use.
Its provisions stop at state lines, which is one of the reasons ISPs are pushing for national privacy legislation that would preempt what they call a "patchwork" of different state regs.
The bill's provisions apply to ISPs "operating within the state when providing broadband internet access service to customers that are billed for service received in the state and are physically located in the state."
Mills ran on a platform that included expanding broadband access and last year praised Spectrum for its investment in the state.
Various states have been adopting privacy bills since congress invalidated a former FCC's broadband privacy rules and the FCC under new management ceded primary regulatory oversight of broadband access to the Federal Trade Commission.