AUGUSTA, Maine — Big Tech firms are opposing a legislative push to move Maine to the front of the pack nationally on online privacy protections.
Lawmakers were back in Augusta on Tuesday to consider various nuanced arguments over dueling data privacy bills, including sweeping one from Rep. Maggie O’Neil, D-Saco. A host of measures on the topic came out earlier this year before work on them was pushed into 2024.
Consumer Reports, the product review organization, said O’Neil’s measures “would create the most meaningful state-level privacy protections in the nation.” Tech firms and business groups prefer a Republican’s less-stringent bill that also has Democratic sponsors and mirrors more relaxed approaches taken in states in the absence of inaction at the federal level.
The Legislature’s Judiciary Committee worked Tuesday on the slate of bills, taking testimony on O’Neil’s measure to create a Data and Privacy Protection Act that would limit the use of sensitive data, restrict ads targeted at children and prevent companies from collecting information deemed unnecessary for the services they provide, among other items.
Companies that violate the data protection requirements, with the exception of small businesses, could face lawsuits from consumers and the state. It has bipartisan cosponsorship from members such as Rep. David Boyer, R-Poland, and Rep. Morgan Rielly, D-Westbrook.
O’Neil said her bill is a “heavily negotiated, bipartisan compromise” similar to a federal proposal that Big Tech supported before it stalled in Congress. But she told Judiciary Committee members those large tech firms have also been “shopping weak laws” at the state level.
“If we pass consumer protections, it should be something that is balanced and not written by the companies that want to maintain their current practices,” O’Neil said.
There may be some finer points to iron out around O’Neil’s proposal. Both skeptics and supporters, the latter group including Attorney General Aaron Frey, a Democrat, mulled whether small businesses should be exempt from lawsuits under the bill.
Small businesses are currently exempt from certain provisions if they are not data brokers, have an annual gross revenue of less than $41 million for the three preceding years or do not annually collect and store the data of more than 200,000 people in most cases.
Representatives of financial institutions that oppose O’Neil’s bill argued they are already subject to data privacy laws under the federal Gramm-Leach-Bliley Act, while health groups argued that they should be exempt because of existing privacy laws.
The rival proposal from Assistant Senate Minority Leader Lisa Keim, R-Dixfield, would roll back some of the protections included in a landmark 2019 privacy law the state successfully defended in court. Keim’s bill has support from Big Tech and business groups along with sponsorship from both progressive and libertarian members such as Assistant Senate Majority Leader Mattie Daughtry, D-Brunswick, and Sen. Eric Brakey, R-Auburn.
“My goal, 100 percent, is the protection of Maine people,” Keim said. “I’m not trying to protect businesses, although I do want them to be successful and to be able to be here in the state of Maine.”
Keim’s bill has no civil penalties for violators and would require groups to obtain consent — or opt-in permission — to use consumers’ personal data. The TechNet group that represents giants such as Apple, Google, and credit card companies recommended Keim’s bill instead feature an opt-out requirement used in other states.
TechNet has urged Maine to follow Connecticut’s data protection policies. Connecticut is among states that have passed laws friendlier to tech companies, while California enacted a strict privacy law that has faced lawsuits.
Along with the sweeping measure she dubbed the “big Russian nesting doll,” O’Neil has two other bills that would require companies to receive consent before collecting biometric identifiers and try to protect consumer health data by banning geofencing around health care settings. Geofencing is a location-based service companies use to send marketing messages when a phone enters or exits a virtual geographic boundary.
“This would be the wrong place for Maine to be a unicorn” with privacy legislation adding to a patchwork of state laws, Paul Martino, vice president at the National Retail Federation, said.
But Cole Cochrane of Saco, a Harvard University freshman who helps lead Maine Youth Action, said advertisers will continue to “prey on vulnerable teens” if left unchecked.
“With no guardrails on the use and collection of sensitive data, we allow our youth to fall victim to profit-hungry corporations that are willing to exploit our insecurities for their gain,” Cochrane said.
