An Act To Protect the Privacy of Online Customer Information
Sec. 1. 35-A MRSA c. 94 is enacted to read:
BROADBAND INTERNET ACCESS SERVICE CUSTOMER PRIVACY
§ 9301. Privacy of broadband Internet access service customer personal information
(1) Personally identifying information about a customer, including but not limited to the customer's name, billing information, social security number, billing address and demographic data; and
(2) Information from a customer's use of broadband Internet access service, including but not limited to:
(a) The customer's web browsing history;
(b) The customer's application usage history;
(c) The customer's precise geolocation information;
(d) The customer's financial information;
(e) The customer's health information;
(f) Information pertaining to the customer's children;
(g) The customer's device identifier, such as a media access control address, international mobile equipment identity or Internet protocol address;
(h) The content of the customer's communications; and
(i) The origin and destination Internet protocol addresses.
(1) Refuse to serve a customer who does not provide consent under paragraph A; or
(2) Charge a customer a penalty or offer a customer a discount based on the customer's decision to provide or not provide consent under paragraph A.
(1) For the purpose of responding to a customer's call for emergency services, a public safety answering point; a provider of` emergency medical or emergency dispatch services; a public safety, fire service or law enforcement official; or a hospital emergency or trauma care facility;
(2) The customer's legal guardian or a member of the customer's immediate family in an emergency situation that involves the risk of death or serious physical harm; or
(3) A provider of information or database management services solely for the purpose of assisting in the delivery of emergency services in response to an emergency.
(1) The nature and scope of the provider's activities;
(2) The sensitivity of the data the provider collects;
(3) The size of the provider; and
(4) The technical feasibility of the security measures.
This bill prohibits a provider of broadband Internet access service from using, disclosing, selling or permitting access to customer personal information unless the customer expressly consents to that use, disclosure, sale or access. The bill provides other exceptions under which a provider may use, disclose, sell or permit access to customer personal information. The bill prohibits a provider from refusing to serve a customer, charging a customer a penalty or offering a customer a discount if the customer does or does not consent to the use, disclosure, sale or access. The bill requires providers to take reasonable measures to protect customer personal information from unauthorized use, disclosure, sale or access. The provisions of the bill apply to providers operating within the State when providing broadband Internet access service to customers that are billed for service received in the State and are physically located in the State.