Mainer’s online privacy was at the forefront of discussions in the State Legislature’s Judiciary Committee on Monday, as lawmakers discussed competing competing proposals to enhance protections for Internet users.
The committee hearing featured two very similar bills from Rep. Lisa Keim (R-Oxford) and Rep. Margaret O’Neil (D-Saco).
The bills are modeled on a Connecticut law meant to prevent businesses from attempting to use consumers’ personal data without consent, and without the consumer having any say in how their data is used.
Keim’s bill would require a banner at the top of all websites that collect data that would allow users the opportunity to opt out of the sale or transfer of their data.
The bill would also give people the right to know what is being done with their data and where it is sent, as well as giving them the right to ask businesses to delete their personal data.
Keim’s bill would apply to all businesses regardless of size, as well as non-profits and universities.
It would allow businesses a “right to cure” meaning that the business would have 30 days after receiving a notice of their violation of the privacy law to fix the violation before facing legal repercussions.
O’Neil’s LD 1977 differs from Keim’s in a few significant ways.
O’Neil’s bill allows for a “private right of action,” meaning that individuals can bring civil suits against businesses that violate their privacy rights as laid out in her bill.
Kiem shied away from a private right of action, fearing that it has the potential to bankrupt Maine businesses if it is used too often.
Unlike Keim’s bill, however, O’Neil’s exempts small businesses, defined as any businesses which make less than $41 million annually, from much of the bill, including the private right of action clause.
O’Neil also included a “data minimization” law in her bill, which prevents companies from gathering more data than reasonably necessary for them to provide a given service.
The debate over online privacy comes on the heels of the biggest data breach to ever hit Maine state government, a breach that saw nearly every Mainers’ personal records, including medical records, breached.