SP0566
LD 1610		 Session - 128th Maine Legislature
C "A", Filing Number S-453, Sponsored by
LR 2315
Item 2
Bill Tracking, Additional Documents Chamber Status

Amend the bill by striking out the title and substituting the following:

‘An Act Regarding Customer Personal Information’

Amend the bill by striking out everything after the enacting clause and before the summary and inserting the following:

Sec. 1. 5 MRSA §1812-H  is enacted to read:

§ 1812-H Purchasing of broadband Internet access service

1 Definitions.   As used in this section, unless the context otherwise indicates, the following terms have the following meanings.
A "Broadband Internet access service" means a mass-market retail service by wire or radio that provides the capability to transmit data to and receive data from all or substantially all Internet endpoints, including any capabilities that are incidental to and enable the operation of the service, but excluding dial-up Internet access service.
B "Customer" means a current or former subscriber to a broadband Internet access service.
C "Customer personal information" means:

(1) Personally identifying information about a customer, including, but not limited to, the customer's name, billing information, social security number, billing address and demographic data; and

(2) Information from a customer's use of broadband Internet access service, including:

(a) The customer's browsing history;

(b) The customer's application usage history;

(c) The customer's precise geolocation information;

(d) The customer's financial information;

(e) The customer's health information;

(f) Information pertaining to the customer's children;

(g) The customer's device identifier, such as a media access control address, international mobile equipment identity or Internet protocol address;

(h) The content of the customer's communications; and

(i) The origin and destination Internet protocol addresses.

D "Inappropriate use, sale or disclosure of or access to customer personal information" means the use, sale or disclosure of or access to customer personal information by a provider without the customer's express, affirmative consent; the refusal to serve a customer that does not provide a provider with consent to use, sell, disclose or permit access to that customer personal information; or charging a customer a fee or penalty if the customer does not provide a provider with consent to use, sell, disclose or permit access to that customer personal information. "Inappropriate use, sale or disclosure of or access to customer personal information" does not include the use, sale or disclosure of or access to customer personal information:

(1) For the purpose of providing the service from which such information is derived or for the service necessary to the provision of such service;

(2) To advertise or market the provider's communications-related services to the customer;

(3) To comply with a lawful court order;

(4) To initiate, render, bill for and collect payment for broadband Internet access service;

(5) To protect users of the provider's or other providers' services from fraudulent, abusive or unlawful use of or subscription to such services; and

(6) To provide precise geolocation information concerning the customer to:

(a) For the purpose of responding to the customer's call for emergency services, a public safety answering point, as defined in Title 25, section 2921, subsection 7; a provider of emergency medical or emergency dispatch services; a public safety, fire service or law enforcement official; or a hospital emergency or trauma care facility;

(b) The customer's legal guardian or a member of the customer's immediate family in an emergency situation that involves the risk of death or serious physical harm; or

(c) A provider of information or database management services solely for the purpose of assisting in the delivery of emergency services in response to an emergency.

E "Provider" means a person that provides broadband Internet access service.
2 Customer protections; purchasing broadband Internet access service.   The Department of Administrative and Financial Services, Bureau of General Services may not contract for the purchase of broadband Internet access service from a provider that engages in the inappropriate use, sale or disclosure of or access to customer personal information.

A provider that contracts with the State for broadband Internet access service may not engage in the inappropriate use, sale or disclosure of or access to customer personal information for the duration of the contract.

Sec. 2. 35-A MRSA §9205-A  is enacted to read:

§ 9205-A Grant limitations to providers of broadband Internet access service

1 Definitions.   As used in this section, unless the context otherwise indicates, the following terms have the following meanings.
A "Broadband Internet access service" means a mass-market retail service by wire or radio that provides the capability to transmit data to and receive data from all or substantially all Internet endpoints, including any capabilities that are incidental to and enable the operation of the service, but excluding dial-up Internet access service.
B "Customer" means a current or former subscriber to a broadband Internet access service.
C "Customer personal information" means:

(1) Personally identifying information about a customer, including, but not limited to, the customer's name, billing information, social security number, billing address and demographic data; and

(2) Information from a customer's use of broadband Internet access service, including:

(a) The customer's browsing history;

(b) The customer's application usage history;

(c) The customer's precise geolocation information;

(d) The customer's financial information;

(e) The customer's health information;

(f) Information pertaining to the customer's children;

(g) The customer's device identifier, such as a media access control address, international mobile equipment identity or Internet protocol address;

(h) The content of the customer's communications; and

(i) The origin and destination Internet protocol addresses.

D "Inappropriate use, sale or disclosure of or access to customer personal information" means the use, sale or disclosure of or access to customer personal information by a provider without the customer's express, affirmative consent; the refusal to serve a customer that does not provide a provider with consent to use, sell, disclose or permit access to that customer personal information; or charging a customer a fee or penalty if the customer does not provide a provider with consent to use, sell, disclose or permit access to that customer personal information. "Inappropriate use, sale or disclosure of or access to customer personal information" does not include the use, sale or disclosure of or access to customer personal information:

(1) For the purpose of providing the service from which such information is derived or for the service necessary to the provision of such service;

(2) To advertise or market the provider's communications-related services to the customer;

(3) To comply with a lawful court order;

(4) To initiate, render, bill for and collect payment for broadband Internet access service;

(5) To protect users of the provider's or other providers' services from fraudulent, abusive or unlawful use of or subscription to such services; and

(6) To provide precise geolocation information concerning the customer to:

(a) For the purpose of responding to the customer's call for emergency services, a public safety answering point, as defined in Title 25, section 2921, subsection 7; a provider of emergency medical or emergency dispatch services; a public safety, fire service or law enforcement official; or a hospital emergency or trauma care facility;

(b) The customer's legal guardian or a member of the customer's immediate family in an emergency situation that involves the risk of death or serious physical harm; or

(c) A provider of information or database management services solely for the purpose of assisting in the delivery of emergency services in response to an emergency.

E "Provider" means a person that provides broadband Internet access service.
2 Customer protections; grants to providers.   The authority may not provide grant funding under this chapter to a provider that engages in the inappropriate use, sale or disclosure of or access to customer personal information.

A provider that receives grant funding from the authority may not engage in the inappropriate use, sale or disclosure of or access to customer personal information for 5 years from the date funds are received.

Sec. 3. Net neutrality principle. No later than January 15, 2019, the Office of the Attorney General shall submit to the joint standing committee of the Legislature having jurisdiction over utilities and technology matters a report that addresses the following:

1. The extent to which, under the Maine Unfair Trade Practices Act or any other state law, the Office of the Attorney General is able to ensure that a provider of broadband Internet access service, as defined in the Maine Revised Statutes, Title 5, section 1812-H, paragraph A, is adhering to the net neutrality principles adopted in the Federal Communications Commission's 2015 open Internet order, GN Docket No. 14-28, FCC 15-24, adopted February 26, 2015 and released March 12, 2015; and

2. In light of the Federal Communications Commission's 2017 restoring Internet freedom order, WC Docket No. 17-108, FCC 17-166, adopted December 14, 2017 and released January 4, 2018, can legislation be enacted to specifically regulate broadband Internet access service to ensure a provider is adhering to net neutrality principles if there currently is no authority for the Office of the Attorney General or any other state office to ensure that a provider of broadband Internet access service is adhering to net neutrality principles?

The committee may report out a bill to the First Regular Session of the 129th Legislature based on the report.’

summary

This amendment is the majority report, and it replaces the bill. It prohibits the Department of Administrative and Financial Services, Bureau of General Services from entering into a contract for the purchase of broadband Internet access service from any provider that engages in the inappropriate use, sale or disclosure of or access to customer personal information. It requires any provider that contracts with the State for broadband Internet access service to adhere to the limitations regarding the inappropriate use, sale or disclosure of or access to customer personal information. It prohibits the ConnectME Authority from providing any grant funding to a provider of broadband Internet access service that engages in the inappropriate use, sale or disclosure of or access to customer personal information. It requires that a provider that receives grant funding from the ConnectME Authority must adhere to the limitations regarding the inappropriate use, sale or disclosure of or access to customer personal information for 5 years from the date grant funding is received. Lastly, it directs the Office of the Attorney General to submit a report by January 15, 2019 to the joint standing committee of the Legislature having jurisdiction over utilities and technology matters related to the State's ability to ensure that providers of broadband Internet access service are adhering to net neutrality principles.

Top of Page
Additional Information
Bill Tracking Chamber Status
Amendments Testimony, Public Hearings & Work Sessions Committee Information for this Bill
Other Documents Title & Section

Related Pages
Search Bill Text Search Bill Status
Bill Directory Current Committees Legislative Information
Download MS-Word, Printed PDF Maine Legislature
Office of Legislative Information
100 State House Station
Augusta, ME 04333		 voice: (207) 287-1692
fax: (207) 287-1580
tty: (207) 287-6826
Word Viewer for Windows Disclaimer