US states and cities look to re-introduce data privacy rules

• Trump scrapped US broadband privacy rule before it even came into force
• Now some states and city authorities drawing up replacements
• Seattle is mandating opt-in privacy from this month

The decision to repeal the US broadband privacy rules, which had required broadband providers to secure  ‘opt-in’ permission from users to before they could use or resell their browsing and geolocation histories, enraged many across the US.  

That rage almost immediately turned into action as state lawmakers caught the public’s wave of anxiety (data privacy and security issues had come to the fore in the new year) and looked to see how they could enact laws at state level to force broadband providers back to ‘opt-in’.

State legislators in so-called ‘blue’ (traditionally Democrat) states such as Illinois and Minnesota began to advance privacy bills designed to roll back Trump’s roll-back by mandating a range of privacy requirements. As a result there are currently ten such bills progressing through state legislatures, although observers say that it’s unlikely that any will survive the inevitable legal challenges.

But state legislative action at least signals - say privacy proponents - that the issue isn’t about to go away. Far from it. The inevitable string of data privacy scandals that will arise over the next months and years as the first wave of leaky IoT applications hit the market, will make sure the privacy issue remains, if not front of the public mind, then at least not too far back.

In the meantime, it’s not just the states that are biting back. City authorities might seem at first sight to be Davids in a game dominated by Goliaths, but being closer to the gritty regulation governing who can lay what in a trench, or how they may attach wires to utility poles, might turn out to be a real advantage. City authorities are looking to see if they can extend that oversight to impose privacy requirements on broadband providers and right now it looks promising as at least one City authority has already applied some rules.

According to the Seattle Times, as soon as Trump had signed the offending bill Seattle’s mayor leapt into action and asked that the municipal code governing cable franchises be inspected to see whether the citizens could be protected in some way. It turned out that  the City was responsible for setting privacy standards for subscribers..  Bingo.

A new rule has now been added, requiring cable internet providers from May 24th to obtain opt-in consent from subscribers before collecting their web browsing histories or other data. The new rule will affect Comcast, CenturyLink and a local ISP, Wave, who between them account for the majority of broadband subscribers in the city.