The Tech Policy Greenhouse is an online symposium where experts tackle the most difficult policy challenges facing innovation and technology today. These are problems that don't have easy solutions, where every decision involves tradeoffs and unintended consequences, so we've gathered a wide variety of voices to help dissect existing policy proposals and better inform new ones.

The Most Important Privacy Case You've Never Heard Of

from the pay-attention dept

One of the most important privacy cases you’ve never heard of is being litigated right now in a federal district court in Maine. ACA v. Frey is a challenge by the nation’s largest broadband Internet access providers to a Maine law that protects the privacy of the state's broadband Internet users. If the broadband providers prevail, this case could eliminate sector-specific privacy laws across the nation, foreclose national privacy legislation, and have broad implications for broadband regulation generally.

In May 2019, the Maine legislature overwhelmingly passed LD 946, "An Act to Protect the Privacy of Online Consumer Information." The law largely tracks the now-repealed FCC’s 2016 broadband privacy rules, requiring broadband providers to obtain customer consent before disclosing, selling or otherwise using customer personal information. When the Maine bill was being considered, broadband providers complained that the law didn't apply to online companies like Google, Facebook, and Amazon. If everyone was treated the same, they claimed, they would support privacy legislation.

But the industry's lawsuit shows that its true intent is to avoid privacy regulation of any kind. Instead, they claim that giving consumers any control over their own data violates the First Amendment rights of the broadband providers to market goods and services. The industry also claims that by targeting only broadband providers, and not edge providers or any other company, the law is based on their status as a "speaker" and should be subject to "strict scrutiny" under the First Amendment, which requires a law to be "narrowly tailored to serve a compelling state interest."

The court should reject these arguments. Should it accept them, it would set the stage for overturning any and all sector-specific privacy laws as unconstitutional "speaker-based" violations of the First Amendment. If that were the case, then federal and state laws regulating the privacy practices of, among others, hospitals, financial institutions, pharmacies, credit reporting agencies, and libraries would all fall. Maine alone has nearly a dozen sector-specific laws. Now multiply that by 51.

The broadband industry argues that there’s no good reason to regulate it differently than any other company. But their claim that "no special characteristics of ISPs justify that distinction" doesn’t reflect reality. Broadband access providers do have "special characteristics" that other companies—including edge providers—do not.

As the FCC found in 2016, a broadband provider "sits at a privileged place in the network, the bottleneck between the customer and the rest of the network." This gatekeeper position allows broadband providers to see every piece of digital information a customer sends and receives over the Internet while on the network, often including the content of the information. Broadband providers see every website a customer visits, every communication they make, every device they use and, in many cases, every location they have visited.

Despite Big Broadband’s breathless objections, the principles underlying Maine’s broadband privacy law are nothing new. Instead, the law fits within a longstanding tradition of state and federal laws that prohibit those that deliver messages of all kinds—whether paper or electronic—from disclosing any information relating to those packages; in other words, a duty of confidentiality. This "common law" covers everyone from the post office to the telephone company to a broadband provider.

The reasoning is simple: in order to receive service, customers must expose their personal information to those entities. Like the post office or a telephone company, broadband providers shouldn't be allowed to unfairly exploit that information or reveal that information to others for profit. None of these laws violate the First Amendment. If this duty of confidentiality were found to be unconstitutional, all these laws, and those that protect lawyer/client, doctor/patient, and other fiduciary relationships would fall as well.

In any case, the core behavior prohibited by the statute—collecting and selling data—isn't even speech. The First Amendment typically protects "expressive" activity—something meant to convey a message. Instead, the law regulates the commercial exchange of data. Just because the data could potentially transmit information does not make it expressive. My former colleagues at Public Knowledge said it best in a "friend of the court" brief supporting the State of Maine:

Selling a collection of data to be used as a tool to develop products, enhance a search engine or develop marketing strategies is no more "expressive" than selling inside information to enhance a stock trade or selling paper at a retail outlet. The customer data is not commercial speech "proposing a transaction," it is the object of the transaction. [. . . ] No one has ever found that regulation of raw materials – such as marble or paper – that imposes incidental burdens on speakers as well as others raises First Amendment concerns.

While the broadband industry should lose this case, there are never any guarantees. A decision favoring the broadband industry would put every consumer privacy bill and law—including those seeking to regulate the data collection and data protection powers of big technology companies, retailers, banks, hotels, credit reporting agencies and others—at risk, whether or not they are sector specific. Worse, a broad ruling in favor of the industry's First Amendment "rights" could put other regulations at risk, including net neutrality and other efforts to protect consumers and promote competition. While normally a federal district court case in the sparsely populated state of Maine wouldn’t raise much nationwide attention, ACA v. Frey should. The future of consumer privacy protections may depend on it.

Jeff Gary is a project manager at Georgetown Law, where he runs technology-focused educational and training programs for state attorneys general and researches digital advertising. Previously, he worked in congress, federal agencies, and civil society on privacy, content moderation, and data security policy. He is a graduate of Georgetown Law and holds an M.A. in sociology of religion from King's College London.

Gigi Sohn is a Distinguished Fellow at the Georgetown Institute for Technology Law and Policy and a Benton Senior Fellow and Public Advocate. She served as Counselor to Former FCC Chairman from November 2013-December 2016. While at the FCC, she worked on the 2016 Broadband Privacy Rules. She testified before the Joint Committee on Energy, Utilities and Telecommunications of the Maine Legislature on April 24, 2019 in support of the LD 946, Maine’s Broadband Privacy Law.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: 1st amendment, aca, broadband, free speech, frey, greenhouse, privacy, state laws


Reader Comments

Subscribe: RSS

View by: Thread


  • icon
    Ninja (profile), 30 Jun 2020 @ 1:08pm

    This smells like those cases that should be slam dunk but will make all its way to the SCOTUS and take more than a decade to be put to rest.

    link to this | view in chronology ]

  • icon
    ECA (profile), 30 Jun 2020 @ 1:53pm

    I used to love the privacy laws.

    Until 1 piece of info got out or was sold from 1 company to another and My mail box was FULL every day..

    Even with the internet spam. I WISH they would require that I give PERMISSION, rather then NOT even asking.
    Then selling to the highest bidder, Any bidder, anyone with a Buck.

    You couldnt even ask the Company sending you the Spam, WHO they got the info from..( wish I had a nice/cheap lawyer)

    link to this | view in chronology ]

  • icon
    Upstream (profile), 30 Jun 2020 @ 2:20pm

    Privacy is paramount, not pointless.

    giving consumers any control over their own data violates the First Amendment rights of the broadband providers to market goods and services.

    <John Belishi coughing Bullshit!> That is stretching the 1A way beyond its admittedly elastic limits, which would result in permanent distortion. As the authors point out, the cascade effect of setting the wrong precedent here could be catastrophic.

    Essentially all sharing of data should be strictly opt-in, and nothing should be contingent on opting-in.

    link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 30 Jun 2020 @ 3:42pm

      Re: Privacy is paramount, not pointless.

      Absolutely! And what about our 1st Amendment rights. It's our data! Why is is that not only corporations, but our government (the courts especially, third party doctrine and all) think that the 1st Amendment doesn't control our ability to control our own information.

      U.S. Constitution - Amendment 1 - Freedom of Religion, Press, Expression

      Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

      That part about freedom of expression should clearly allow for us NOT to speak, as in controlling information collected about us that we do now wish to express. It should be our decisions, not theirs.

      I also don't think that the establishment of 'corporate personhood', a fiction created in the interest of being able to deal with corporations properly, conferred all of the rights of the Constitution upon them. A search of the Constitution for the words corporation, company, and entity did not get any hits. Isn't that telling.

      link to this | view in chronology ]

      • icon
        Upstream (profile), 30 Jun 2020 @ 4:12pm

        Re: Re: Privacy is paramount, not pointless.

        My favorite response to the 'corporate personhood' thing is: "I will believe corporations are people when Texas executes one." I don't know where this originated, but it is one of the best examples of hitting two birds hard with one stone that I have heard.

        link to this | view in chronology ]

        • icon
          ECA (profile), 30 Jun 2020 @ 6:44pm

          Re: Re: Re: Privacy is paramount, not pointless.

          When a bear,
          Knocks on your door, and asks to use the bathroom...
          I will give them any right they want, IN MY DREAMS..

          link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Jun 2020 @ 6:00pm

    Is the concern that this could be appealed high enough that the telecom industry's desired interpretation of the law becomes common law of the land?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Jun 2020 @ 8:55pm

    Perhaps we should revisit the laws against blackmail? They, too, infringe on the first-amendment rights of perpetrators to speak freely, as part of a commercial transaction.

    Aside: oddly, enough, the egregious misquotation of the First Amendment in a previous post left out the whole paragraph about freedom from regulations covering commercial providers of goods and services. And I can see why people would misquote it that way. After all, how could the Food and Drug Administration--the Bureau of Alcohol, Tobacco, and Firearms--the Federal Trade Commission--the Federal Transportation Commission--the whole Departments of Agriculture or Health and Human Services--continue to exist if people recognized their meddling in commercial goods and services as blatantly unconstitutional?

    link to this | view in chronology ]

    • icon
      ECA (profile), 3 Jul 2020 @ 12:35pm

      Re:

      truth, fiction, lies, opinion,
      Are all cheap and simple.. Blckmail tends to be someone did something Wrong, and feels guilty about it, esp when someone Else knows.

      I love the concept that we have to be Perfect. We have to be this and that and the other. But we are not. We are human, and faulty.
      Understanding this would solve allot of problems with other people.

      There are strange idea of Forcing people to do something Stupid, just so you can control them.

      link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.