New Internet Services and Privacy Law in the State of ME

Me. Rev. Stat. tit. 1 § 14-A § 541- 542 is a broadband internet privacy law that was enacted in the U.S. state of Maine in 2019. Me. Rev. Stat. tit. 1 § 14-A § 541- 542 was passed for the purpose of protecting the various forms of personally identifiable information that residents within the state share with their respective broadband internet service providers, ranging from payment information to web browsing history, among other pertinent details. With this being said, the law outlines the guidelines that broadband internet service providers must adhere to when serving customers residing within the state of Maine, including data protection and personal privacy regulations.

How is internet service defined under the law?

Under Me. Rev. Stat. tit. 1 § 14-A § 541- 542, broadband internet access service is defined as “a mass-market retail service by wire or radio that provides the capability to transmit data to and receive data from all or substantially all Internet endpoints, including any capabilities that are incidental to and enable the operation of the service, excluding dial-up Internet access service.” Alternatively, the law defines customer personal information as “personally identifying information about a customer, including but not limited to the customer’s name, billing information, social security number, billing address, and demographic data; and information from a customer’s use of broadband Internet access service.”

What are the duties of internet service providers under the law?

Me. Rev. Stat. tit. 1 § 14-A § 541- 542 mandates that broadband internet service providers take the following steps and measures when providing said services to consumers within the state of Maine:

• Service providers are responsible for taking reasonable measures to ensure that the personal information of their customers is protected against unauthorized use, access, and disclosure. Moreover, when developing such measures, service providers must consider the nature of the personal information that will be collected, as well as the technical feasibility of the measures, among other factors.
• Service providers may only sell, use, or disclose the personal information of their customers in accordance with the expressed consent of said customers.
• Service providers are prohibited from refusing to serve a customer who does not consent to the sale, rental, or disclosure of their personal information.
• Service providers are prohibited from charging a customer a penalty or offering a customer a discount based on their decision to provide them with consent.
• Service providers are responsible for providing customers with a clear, nondeceptive, and conspicuous notice at the point of sale concerning all personal information that will be collected from them, as well as what this information will be used for.

What data elements are protected under the law?

In addition to personal identifiers such as social security numbers, billing information, and demographic data, the provisions of Me. Rev. Stat. tit. 1 § 14-A § 541- 542 also legally protected the following data elements relating to consumers within the state of Maine from unauthorized access:

• Web browsing history.
• Application usage history.
• Precise geolocation information.
• Financial information.
• Health information.
• Information pertaining to a customer’s children.
• Device identifiers such as IP addresses or media access control addresses.
• The origin and destination of a customer’s IP address.
• The content of a customer’s communications.

How can internet service providers comply with the law?

One way that broadband internet service providers can comply with legislation such as Me. Rev. Stat. tit. 1 § 14-A § 541- 542 is by implementing the use of automatic redaction software. As internet service providers will have to collect a wide range of personal information from their respective customers, they are at an increased level of risk with respect to security and data breaches. To combat these issues, internet service providers can redact information concerning their customers that is not pertinent to providing them with services, such as their social security numbers and or information about a customer’s children or family members, ensuring that this information does not fall into the hands of bad actors or cybercriminals.

As internet service has become one of the most important aspects of modern-day society, privacy regulations that govern the various forms of personally identifiable information that customers provide to said providers when looking to purchase internet services are very much needed to protect the privacy of all parties involved. To this point, the provisions of Me. Rev. Stat. tit. 1 § 14-A § 541- 542 provide residents within the state of Maine with a wide range of legal protections with regard to the personal information they disclose to their internet service providers. More importantly, however, the law gives said residents the assurance that their information is being protected at the highest level.