In an age where personal data flows seamlessly across the Internet, protecting privacy and keeping information safe is critical.

Last week, the Maine Senate passed L.D. 946, a bill solely seeking privacy restrictions on internet service providers (ISPs). But this bill misses the mark for Maine because it is missing a key part of the internet landscape.

Any discussion about privacy must include all the different types of companies that handle our data, not just internet service providers.

Today, the accumulation of data is widespread. One’s information is collected when one drives, goes to the grocery store, shops online, posts on social media and searches the Internet for a recipe, a movie time or anything else. The millions of apps, games and Web sites we use all run background technology to capture data on what information one is accessing online, and when and where that information is accessed.

Large technology companies, like Google or Facebook, see everything one does online and mine that data. In contrast, an encrypted internet service provider (AT&T, Verizon, etc.) can likely determine the IP addresses a user visits, but cannot determine what that user is viewing on a site.

It is detrimental for our legislators to ignore the significant role played by social media companies, search engines, apps, operating systems, online services, browsers, advertising networks, data brokers, retail establishments, large internet tech companies and the like. Privacy protections should not be based on the type of company having access to data, but rather on the sensitivity of the data itself. In that way, all companies through which data passes will need to adhere to the rules.


But that is not the only thing that worries us about L.D. 946. We all know the Internet is not contained within the boundaries of the state of Maine. States must be very careful about imposing privacy regulation, because data flows freely among myriad types of companies every time a user accesses the internet. New state regulation could ultimately have unintended consequences, as it could disrupt the way the internet works, in a way that is inconsistent with users’ preferences and expectations.

Just think about what a patchwork of different state laws would do to your everyday use of the internet. You might have to opt in to a privacy setting in Maine but opt out of that setting if you go into another state for vacation. Different state laws will lead to confusion and inconsistency in enforcement.

The economic impact is real, too. If every individual state enacted its own privacy law, it would make it difficult for new, small and start-up Internet-based companies and applications to engage on a broader scale, since they would have to comply with fifty different sets of rules.

It is incumbent upon the federal government to create a unified regulatory regime for privacy, data security, and breach notification. Federal regulation should also be in line with the standards developed and enforced over the past 20 years by the Federal Trade Commission.

Right now, states continue to have the authority to enforce privacy and consumer protection, as well as data breach notification laws in all 50 states. And ISPs, with their use of encryption and other security safeguards, have been transparent in their efforts to safeguard customer data.

We urge Maine’s House members to oppose L.D. 946. Maine consumers need consistent, comprehensive privacy protections, not patchwork legislation that inadequately protects them by leaving large security gaps in their Internet experience.


Kimberly Lindlof is president and CEO of Mid-Maine Chamber of Commerce.

Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.