A judge has rejected the broadband industry's bid to immediately throw out Maine's new opt-in privacy law on the grounds that it conflicts with federal policy.
U.S. District Court Lance Walker in Bangor also rejected broadband providers' bid to immediately strike down the law on First Amendment grounds. But the ruling allows broadband providers to develop more evidence supporting their claim that the law is unconstitutional.
The law, passed last year, requires broadband providers to obtain people's consent before using web-browsing data for ad targeting.
The decision comes in response to the broadband industry's attempt to invalidate Maine's new law. The measure largely replicates a set of privacy rules passed by the Obama-era Federal Communications Commission in 2016, but repealed by Congress the following year.
The Maine law specifically prohibits broadband carriers from “using, disclosing, selling or permitting access to customer personal information” without people's explicit consent. It also prohibits carriers from either refusing service to people who don't consent to tracking or charging different rates to people based on whether they consent to tracking.
The measure only applies to companies that offer broadband access, like Comcast and AT&T, as opposed to search engines, social networking platform and other so-called “edge” providers.
A coalition of lobbying groups including ACA Connects -- America's Communications Association, CTIA -- The Wireless Association, NCTA -- The Internet & Television Association, and USTelecom -- The Broadband Association sued in February to strike down the measure.
The organizations made several arguments, including that the law unconstitutionally restricts their right to access information, and wrongly subjects internet service providers to tougher privacy standards than “edge” providers.
The broadband carriers specifically said it was “irrational” to hold internet access providers to a different standard than other businesses that draw on consumer data.
Walker rejected those arguments as premature. Maine “has plenty of room to show through discovery -- that its privacy statute does not overshoot the mark,” he wrote.
“At this stage, the only evidence of 'fit' I have before me are plaintiffs’ allegations that the privacy statute is 'both overinclusive and underinclusive,'” he added. “This is not enough to award plaintiffs final judgment on the pleadings.”
The broadband groups also argued that the law conflicts with Congress's decision to repeal the FCC's 2016 privacy rules -- which Congress accomplished by passing a “resolution of disapproval.”
Walker wrote that the resolution of disapproval didn't in itself create a new federal policy.
“After the joint resolution ... Maine had the same freedom to legislate to protect its citizens’ privacy that it had before,” he wrote.
A spokesperson for the NCTA -- The Internet & Television Association said the group disagrees with the initial decision, and supports “technology-neutral” privacy rules.
“Consumers expect -- and deserve -- the same meaningful privacy protections across the internet,” the spokesperson stated. “Broadband providers are united in support of a comprehensive national privacy framework that puts consumers first and applies to all companies, including all those operating online, in a uniform and technology-neutral manner.”
The broadband industry (and other business groups) have often argued that internet access providers shouldn't be subject to tougher privacy rules than companies like Facebook or Google.
But privacy advocates say there are good reasons to treat broadband access providers differently -- including that the companies have comprehensive access to information about subscribers' web activity.