Maine Weighs Becoming 14th State to Pass Privacy Law
Legislators advocated for Maine to become the 14th state to pass a comprehensive privacy law. Industry groups urged lawmakers Tuesday to reject the proposed bill or model it after more pro-business privacy laws like those in Virginia and Connecticut.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Introduced by Rep. Margaret O'Neil (D), LD 1977 is modeled after the federal American Data Privacy and Protection Act (ADPPA). The House Commerce Committee passed the ADPPA in 2022 with a 53-2 vote (see 2207200061). Maine’s Judiciary Committee, a joint body with members from both chambers, considered LD 1977 during a hearing Tuesday but didn’t vote. The legislation has one Republican co-sponsor, Rep. David Boyer (R).
If Maine moves forward, legislators will need to ensure it harmonizes with the state’s 2019 ISP privacy law (see 1905300049), testified Maine Chief Deputy Attorney General Christopher Taub. ISPs are “unique” because they’re the “on ramp to the internet,” said Taub. They deserve “special, specific legislation,” and legislators need to ensure the two laws “mesh.”
LD 1977 is important because it would extend high ISP regulatory standards to social media platforms, testified Maine Broadband Coalition Executive Director Myles Smith. The MBC represents individuals, academics, businesses and government entities that advocate for competitive internet access across the state. ISPs argued the 2019 law would destroy their business models, but broadband investment in the state from those same companies has been massive, said Smith. “We ask that you create checks and balances for other parts of the economy,” he said: Platforms should build business models that don’t rely on “pilfering our data and using it to profit off of our lives.”
Industry groups told the committee LD 1977 unduly burdens businesses with a seemingly limitless private right of action, and it fails to recognize duplicative regulations for financial and banking entities. No other state has passed a comprehensive privacy law with an unlimited private right of action for consumers, said Ashley Luszczki, Maine State Chamber of Commerce government relations specialist. Even the ADPPA has a narrow and limited PRA, she said. Ellen Parent, Maine Credit Union League's compliance director, noted California is the only state to pass a comprehensive bill with a PRA, and damages tied to California’s PRA are capped at $750 per occurrence of violation.
Retailers worry the bill’s data privacy handling language would jeopardize loyalty programs, said National Retail Federation Vice President Paul Martino. The bill includes language for retailers that isn’t found in any other state law, said Curtis Picard, Retail Association of Maine CEO. Several industry representatives told the committee to model the bill after the laws in Connecticut or Virginia.
Representatives from the American Civil Liberties Union, Consumer Reports and the Electronic Privacy Information Center testified in favor of LD 1977. The laws in Virginia and Connecticut do little to protect consumers, said EPIC Deputy Director Caitriona Fitzgerald. She noted the House Commerce Committee’s “overwhelming” bipartisan vote on the ADPPA, which was “nothing short of a miracle” in today’s political environment. ACLU Maine Policy Director Meagan Sway noted her organization opposed the ADPPA but supports the legislation in Maine. She credited Maine’s data minimization provisions.