Internet service providers are fighting attempts to require customers opt in to having their location and other sensitive data sold to third parties, under the claim such laws violates the free speech rights of the companies involved.
The broadband industry has objected to a law in Maine passed last June that intended to protect the privacy of customers. In a lawsuit filed on Friday, the industry is suing the state to revoke the law for free and protected speech reasons.
The law requires internet service providers to inform of the types of user data it collects, as well as other companies that buy the data from the ISPs. It is also mandated that customers must opt in to allowing the ISP to sell the data, which could include location information, browsing data, and health and financial data, to third-party firms.
It also stops ISPs from penalizing customers who do not opt in, such as by charging extra fees on top of their existing bill, to offset the loss of revenue from the sale of the data. This is a practice AT&T is known to have performed for a number of years, under the guise of it allowing them to "discount" bills.
The lawsuit from the ISPs claim Maine's law "imposes unprecedented and unduly burdensome restrictions on ISPs' protected speech," reports Ars Technica. At the same time, the law doesn't make similar demands of other companies providing online services, such as Apple and Google, which are free to perform similar data collection without the requirement to inform beforehand.
"Maine cannot discriminate against a subset of companies that collect and use consumer data by attempting to regulate just that subset and not others," the suit states. It continues "Maine's decision to impose unique burdens on ISPs' speech — while ignoring the online and offline businesses that have and use the very same information and for the same and similar purposes as ISPs — represents discrimination between similarly situated speakers that is impermissible under the First Amendment."
The First Amendment violation is due to how it limits an ISP from marketing "non-communications-related services" to customers, as well as stopping the offering of price discounts and other "cost-saving benefits" in exchange for a consumer's consent to use a user's data.
It is also claimed the state law violates the Constitution's Supremacy Clause, which allows federal laws to have priority over conflicting state versions.
The suit lists its plaintiffs as ACA Connects, CTIA, NCTA, and USTelecom, a collection of associations representing ISPs. The plaintiffs include Maine state attorney general Aaron Frey, Maine Public Utilities Commission chairman Philip L. Bartlett, and MPUC commissioners Randall Davis and Bruce Williamson.
The sale of data has become a hot topic for privacy advocates in recent years, where the practices of tech companies harvesting and then selling user data to other firms has come under fire. Recent examples of the practice includes Wacom's drivers harvesting data that is passed on to Google, and the active collection of data by the Avast antivirus suite for sale to marketing firms.
Apple's stance on consumer privacy is that it should not have access to the data where possible, including obfuscating the data to make it unidentifiable and only acquiring the minimum amount of data required to perform a task. Encrypting data is also a key element of Apple's stance, one that has led to its involvement in a long-running debate over its use and government demands for the implementation of backdoors.