In light of recent changes to the federal Internet privacy law, state lawmakers have begun to draft and propose legislation aimed at creating broad protection and guidelines when it comes to protecting the personal data of consumers online.
Earlier this month, the Senate approved the rollback of certain protections in the “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services” bill that would have protected consumers’ personal data (e.g., browsing history, app usage, etc.) online by making it more difficult for companies to collect, share, or sell such consumer data. The House of Representatives is expected to vote to follow suit later this week.
As a result, and in response to growing concerns from their constituents, state lawmakers have begun to draft and introduce legislation in their home states as a means of filling the void. For example, in Washington, lawmakers have already begun the process to introduce bills that would add privacy protection of sensitive online data to preexisting consumer-protection laws. Washington’s bill specifically requires Internet service providers (“ISPs”) to acquire the consent of their consumers before collecting or sharing any of their personal information.
Other states like California and Connecticut already have laws that specifically restrict government access to online communications (e.g., email), while other states such as Nebraska and West Virginia limit the control a company may exert over their employees’ social media accounts. Lastly, some states are also considering the extension of such privacy protection beyond employees, newly proposing laws that would also cover students and tenants as well.
Illinois, on the other hand, is considering a “right to know” bill that would allow consumers to find out what kind of personal information is being collected about them on the Internet or whenever they access specific online goods or services. Supporters of the Illinois law point to the European Union’s current privacy laws as proof that such laws are not only prudent but possible.
Interestingly, Illinois has already become a trailblazer of sorts when it comes to protecting consumer privacy. Over a decade ago, Illinois passed the Biometric Information Privacy Act, which regulates the collection of personal information in the form of data such as facial scans, voice data, and thumbprints. Although the law passed years ago, such personal data (and its protection) has become increasingly relevant in today’s day and age; thanks to its ubiquitous use in smartphones and other smart devices. Illinois has taken similarly strict stances on consumer privacy rights, passing laws that govern the collection and usage of consumers’ geolocation data, and a new bill has been proposed to limit the use of microphones on smart devices.
National organizations like The Electronic Frontier Foundation and the American Civil Liberties Union note that the government’s recent move to rollback consumer privacy protection gives the states a unique opportunity to step in and exert more control over the protection of such personal data. Experts note that, not only are similar laws already being proposed in Hawaii, Minnesota, Montana, Illinois, and California, but these proposals enjoy widespread bipartisan support in their respective states.
Legal experts also note that there has been a recent trend in the use of class action lawsuits as a means of lobbying for privacy protection online. In Illinois, some attorneys have helped found a new nonprofit group, the Digital Privacy Alliance, which advocates for the protection of consumer privacy online in Illinois. In the absence of federal guidance, it seems like it will only be a matter of time before other states follow suit.