• by Wendy Davis  @wendyndavis, September 13, 2017

After weeks of delay, a California privacy bill that could limit broadband providers' ability to serve targeted ads is expected to reach the floor on Friday -- the deadline for the law to be passed this year.

The measure (AB 375), introduced in June by California Assemblyman Ed Chau, largely recreates broadband privacy rules passed last year by the Federal Communications Commission.

As with the scrapped FCC rules, Chau's bill would require Internet service providers to obtain consumers' opt-in consent before using their web-browsing information for targeted advertising. The California bill also goes further than the former FCC rules in at least one respect: The measure would prohibit ISPs from using "pay-for-privacy" billing schemes, which involve charging customers higher fees to avoid targeted ads.

The bill has been stalled in the legislature's rules committee for weeks, but advanced on Tuesday, when lawmakers cleared the way for a Friday vote.

The measure has drawn vigorous opposition from the major broadband carriers, Association of National Advertisers, Facebook, Google and other industry groups. Opponents argue in a September 12 letter to lawmakers that the bill is "vague," and also make the extraordinary claim that it will increase the likelihood of cyber threats.

"AB 375 is vague and unclear to a degree that will have serious effects on consumers and businesses," 48 companies and business associations write. "The bill would also lead to recurring pop-ups to consumers that would be desensitizing and give opportunities to hackers."

Some opponents reiterate those claims on the website protectonlinesafety.com, which urges consumers to call their representatives and urge them to vote against the bill. The website was put up anonymously, and doesn't offer information about its developers.

Critics also are running ads on California websites including SacBee. Those ads, unveiled just days after news about the Equifax data breach, claim that the privacy bill would create cybersecurity risks.

"No to more cyberattacks. No on AB 375," states one of the ads. Another warns, "AB 375 Exposes you to pop-ups and hackers."

Supporters of the measure decry the ad campaign as a deliberate attempt to confuse consumers as well as lawmakers.

"It's an intentionally misleading argument," says Samantha Corbin, a lobbyist representing privacy groups.

The ANA previously argued to the FCC that opt-in privacy rules would result in a deluge of pop-up ads, as broadband carriers presumably continuously sought to obtain users' consent to online tracking.

But Ernesto Falcon, legislative counsel with the digital rights group Electronic Frontier Foundation, says the measure would only require pop-up notices if broadband carriers materially change their privacy policies.

A large majority of the public appears to support privacy rules requiring broadband carriers to obtain users' opt-in consent before drawing on their web-browsing data for ad targeting. In April, a survey by Huffington Post and YouGov reportedly showed that more than 70% of Republicans and Democrats wanted President Donald Trump to veto a repeal of the privacy rules.

More recently, a July survey by Freedman Consulting found that 83% of Americans oppose broadband providers selling information about their online activities without first asking for permission.