Assemblymembers Monica Wallace (D-Lancaster) and Ken Zebrowski (D-New City) announced legislation that would provide internet users the power to opt out of use of their personal information by internet service providers (ISPs)(A.7191). This move comes after federal legislation reversed the FCC proposed rule that would have required consent over use of customer data by ISPs. On April 3rd, the President signed the Joint Resolution that reversed the new FCC regulations that were rolled out in October 2016. The reversal of the FCC rule provides ISPs with unchecked authority to use, share, and sell a customer’s personal information to third party advertisers.

“This legislation will protect the sensitive information of New York families from being collected and sold to the highest bidder without their consent,” said Assemblymember Wallace. “Absent legislative action by our state, ISPs will be able to collect and sell information about the web searches you preform, the websites you visit, and the apps you use. We cannot allow ISPs to disclose such deeply personal information for commercial gain without our consent.”

The proposed legislation would provide customers with more control and transparency over how their sensitive personal information is handled by ISPs. The proposal would require a customer’s consent in order to share or use personal information which would include browsing history, financial information, communication content, usage, biographical information and other data that is specific to an individual consumer. It would also allow customers to opt out of the sharing of non-personal, aggregated information that is shared by the ISP.

“The State needs to act now to protect consumers from what is essentially an invasion of privacy from their internet provider,” said Assemblyman Zebrowski. “When we pay for a service such as internet access, we expect that they are acting in the best interest of the customer not using our information to make a profit. Our browsing history, financial information, medical data, or any other deeply personal data should remain private and at the very least require consent.”