AUGUSTA — Lawmakers in the House of Representatives on Tuesday advanced data privacy legislation that supporters say would be unique in the United States in protecting individual privacy and limiting the type of digital information companies can collect and maintain.
L.D. 1977 was approved by the House in a 75-70 vote. It also will need approval in the Senate and additional votes in each chamber before it can be sent to Gov. Janet Mills for final approval.
“Mainers value privacy,” said Rep. Maggie O’Neil, D-Saco, the bill’s sponsor. “We want our personal information to be protected. We want control over who has our personal information, how it gets shared, and how it gets used, and that’s what this bill does. It will reduce breaches by data thieves and hackers. It will reduce unexpected uses of our data and online discrimination.”
Business groups and opponents have said the bill would detach Maine businesses from the global online marketplace and make Maine the most restricted state for businesses to advertise online.
“This bill impacts every business of every size in Maine, especially small businesses. Digital, targeted marketing is how they market,” Quincy Hentzel, CEO of the Portland Regional Chamber of Commerce said during a recent roundtable on the bill. “The proposed data privacy legislation currently under consideration would put Maine businesses at a competitive disadvantage.”
The bill, which would take effect July 1, 2025, aims to regulate the collection, use, processing, transfer, sale and deletion of non-publicly available personal data that is “linked or reasonably linkable to” a Maine resident.
Under the act, businesses, including third-party platforms, would have to limit the collection and processing of “personal data” to what is “reasonably necessary and proportionate to provide or maintain a specific product or service requested by the consumer.”
The collection and processing of “sensitive data” would be limited to what is “strictly necessary to provide or maintain a specific product or service requested by the consumer.”
Under the Act, “sensitive data” includes data revealing a consumer’s race or ethnic origin, religious beliefs, mental or physical health conditions or diagnoses, sexual orientation, gender identity, citizenship or immigration status; genetic or biometric data; precise geolocation data; Social Security, driver’s license or nondriver identification card numbers; specific financial or account access information; data of a known minor; or data concerning the consumer’s status as the victim of a crime.
A business would have to obtain a consumer’s permission before collecting any biometric data. If a business knows that a consumer has not reached age 13, it must have parental consent to process that consumer’s data for any purpose. Businesses must provide consumers with a privacy notice explaining what personal data is being processed, how it’s being used and what type of third parties it’s being shared with.
O’Neil said Tuesday that the “sky isn’t going to fall” if the bill passes, and that it contains exemptions for small businesses.
“I want to underscore that businesses will still be able to advertise,” O’Neil said. “This was a huge emphasis of the committee process. It was my focus when I put the bill in – that businesses will still be able to advertise. … This bill focuses on big tech.”
The Senate voted 18-14 Tuesday against a competing bill, L.D. 1973, which the Judiciary Committee had voted 8-5 ought not to pass earlier this session. It now faces a House vote.
Sen. Lisa Keim, R-Dixfield, who co-sponsored the competing bill, testified Tuesday that it wasn’t “an absolutely perfect solution” and “needs tightening.” Still, she said, it forms a necessary partnership between businesses and consumers seeking goods and services and allows companies like L.L.Bean to operate across states.
The proposal is similar to data privacy laws passed in more than 20 states, Keim said, offering “privacy protections that businesses can comply with.” It also would protect children by not exempting businesses that are nonprofits, which “doesn’t mean they have a halo,” she said.
Sen. Anne Carney, D-Cape Elizabeth, Senate chair of the Judiciary Committee, countered that L.D. 1973 doesn’t provide sufficient protections for children’s privacy and broadly exempts internet service providers.
Maine’s business community had concerns with both bills, according to Patrick Woodcock, president and CEO of the Maine State Chamber of Commerce.
“L.D. 1973 is closer to what other states have enacted and could have been supported with minor amendments,” Woodcock said. “But we have real concerns with how businesses would be limited in using targeted advertising under L.D. 1977.”
Woodcock said L.D. 1977 is the type of law that should be enacted at the federal level.
“As it is, we’re putting Maine on an uneven playing field with this legislation,” Woodcock said. “We can protect privacy without prohibiting targeted advertising.”
Send questions/comments to the editors.
Comments are no longer available on this story