Excerpted from a June 24, 2019 article by Ken Silva in Global Data Review
Earlier this month, Maine Governor Janet Mills signed an internet privacy law requiring internet service providers to obtain a customer’s express, affirmative consent before using their personal information, including browsing history.
Some attorneys, however, noted that the legislation fails to explicitly state how the new rules will be enforced. Pierce Atwood partner Peter Guffin, Chair of the firm’s Privacy & Data Security Practice Group, stated, “Unlike the CCPA (California Consumer Privacy Act), there’s no reference to statutory liability, fines, or penalties for failure to abide by the law. That piece of it is really just missing. So it’s a big question what the consequences are.
Normally a bill would spell out who would be responsible for enforcement and oversight … There are a couple of possibilities [for how the law would be enforced], but none of them quite fit.”
The ACLU and some other area attorneys, however, assert that it is up to the attorney general to enforce Maine’s laws under the Unfair Trade Practices Act. In response to those assertions, firm litigation and appellate partner Cathy Connors cited Section 207 of the law, saying that “the rules and regulations made under the Unfair Trade Practices Act should be consistent with those of the Federal Trade Commission Act.
But the FTCA does not prohibit ISPs from using consumer data without consent, which calls into question whether the Unfair Trade Practices Act can be used as an enforcement mechanism.
The new law will take effect on July 1, 2020.