In response to proposed rollbacks by the Trump administration, states and cities are finding increased cause for laws and regulations to protect consumer data online.
State and local governments continue to build new protections for online privacy under a Trump administration that is now pursuing elimination of both Obama-era regulations on net neutrality and privacy protection.
A bill passing through the Illinois legislature and new regulations instated in Seattle take up slack left by the federal government following the repeal of FCC protections that would have prevented internet service providers from selling customer data like browsing history, location, financial and medical information. At least five states have now passed legislation to protect consumer privacy online in one form or another.
In Illinois, these privacy protections take the form of The Right to Know Act, a law narrowly passed (31-21) through the state Senate on May 4 that would require companies to disclose with whom they are sharing their customers' personal data. The law also requires that companies provide contact information for those seeking this information and requires companies to respond within 30 days or face prosecution by the state.
Democratic sponsor Sen. Michael Hastings noted in a press release that the need for these kinds of laws is as urgent as ever.
"This day and age we can do everything online from paying our bills to buying groceries. The price of surfing the web shouldn’t mean sacrificing your privacy and personal information,” Hastings said.
On Tuesday, the bill was referred to the state House's Rules Committee.
If the bill is made law, Illinois would join California, Connecticut, Nebraska and West Virginia — all states that have passed laws guarding consumer personal data online, either through protections against employer social media monitoring, restriction of government access to online communications or rules surrounding third-party data sharing.
On May 3, Seattle — called by some the epicenter of the Trump resistence movement — created a new rule that takes Illinois' proposed bill one step further and requires companies to obtain permission before selling personal information or browsing data. Called the Seattle IT rule, Mayor Ed Murray said the new regulation is a direct response to the privacy rollbacks instated by Congress and the Trump administration.
"I believe protecting the privacy of internet users is essential and this policy allows the city to do just that," Murray said in a press release.
"Because of regulation repeals at the national level, we must use all of the powers at our disposal to protect the rights of our residents."
Seattle municipal code permits the city to create such rules through regulation of its telecommunications providers, which include Comcast, CenturyLink, and Wave. These companies have until Sept. 30 to report compliance.
"Unlike a website, which consumers can avoid if they disagree with their data collection and privacy practices, consumers cannot avoid sharing information with their internet service provider," Seattle Chief Technology Officer Michael Mattmiler told StateScoop via email. "Rules like this are necessary for consumers to protect consumers and ensure internet providers seek permission from consumers before engaging in new data use and sharing practices."