An Act To Protect the Privacy of Online Customer Information
Sec. 1. 35-A MRSA c. 94 is enacted to read:
BROADBAND INTERNET ACCESS SERVICE CUSTOMER PRIVACY
§ 9301. Privacy of broadband Internet access service customer personal information
(1) Personally identifying information about a customer, including but not limited to the customer's name, billing information, social security number, billing address and demographic data; and
(2) Information from a customer's use of broadband Internet access service, including but not limited to:
(a) The customer's web browsing history;
(b) The customer's application usage history;
(c) The customer's precise geolocation information;
(d) The customer's financial information;
(e) The customer's health information;
(f) Information pertaining to the customer's children;
(g) The customer's device identifier, such as a media access control address, international mobile equipment identity or Internet protocol address;
(h) The content of the customer's communications; and
(i) The origin and destination Internet protocol addresses.
(1) Refuse to serve a customer who does not provide consent under paragraph A; or
(2) Charge a customer a penalty or offer a customer a discount based on the customer's decision to provide or not provide consent under paragraph A.
(1) For the purpose of responding to a customer's call for emergency services, to a public safety answering point; a provider of emergency medical or emergency dispatch services; a public safety, fire service or law enforcement official; or a hospital emergency or trauma care facility; or
(2) To a provider of information or database management services solely for the purpose of assisting in the delivery of emergency services in response to an emergency.
(1) The nature and scope of the provider's activities;
(2) The sensitivity of the data the provider collects;
(3) The size of the provider; and
(4) The technical feasibility of the security measures.
Sec. 2. Effective date. This Act takes effect July 1, 2020.