State legislators have unveiled a pair of bills that would tighten privacy regulations for internet service providers and websites.
Assembly Bill 1527 would require ISPs to obtain the written disclosure from subscribers to release their personally identifiable information. Barring that kind of permission, the ISP wouldn’t be allowed to disclose or sell that information and would have to keep it confidential.
A subscriber could revoke permission at any time, and the ISP wouldn’t be allowed to penalize the subscriber nor deny them service for doing so.
“Personally identifiable information” is defined in the legislation as anything that can be used to personally identify, describe or be associated with the subscriber.
The bill, which had nine primary sponsors and four co-sponsors, passed out of the Democratic-controlled Assembly’s Science, Innovation and Technology Committee on Thursday by a 4-2 vote along party lines.
The policy would have to include descriptors such as what kinds of personally identifiable information is collected, with whom that information will be shared and whether the subscriber can review and request changes on information collected on them.
Privacy policies would also have to include how the website or ISP notifies users of policy changes, when those changes will be effective, how the website or ISP response to customer “do not track” requests and a disclosure of whether third parties can collect, access or purchase personally identifiable information.
In April, the internet privacy discussion moved into the global arena, following revelations Facebook, along with the U.K.-based Cambridge Analytica, had improperly collected the personal data of more than 80 million Facebook users during the 2016 presidential election.
Then in May, the European Union rolled out its plans to ramp up privacy protections for internet users, limiting how websites and ISPs can collect and handle their data.