Consumer Privacy vs. Free Speech: The Maine ISP Battle
How Maine's broadband privacy law survived a major First Amendment challenge.
The Intersection of Broadband Data and Digital Privacy
As our daily lives become increasingly entangled with the digital ecosystem, the volume of personal information generated is staggering. Unlike independent websites or mobile applications that only see a fraction of a user’s online activity, ISPs serve as the primary gateway to the internet, possessing an unparalleled view of a consumer’s digital footprint. From every website visited to real-time location tracking and communication logs, broadband providers have access to highly sensitive information.
This unique structural vantage point has allowed ISPs to pivot toward a lucrative secondary business model: data brokering and targeted advertising. However, this unchecked monetization of user data has sparked a fierce societal debate over digital privacy rights. When states attempt to rein in these practices, they frequently encounter aggressive legal resistance from telecommunications conglomerates.
The most prominent weapon in the industry’s legal arsenal is a constitutional defense: the First Amendment. Corporate entities argue that state restrictions on the collection and sale of consumer data violate their inherent rights to free commercial speech. This clash between consumer protection and commercial speech came to a head in a landmark legal battle over a pioneering privacy statute in Maine. By examining this conflict, we can understand the balance between safeguarding privacy and upholding constitutional speech rights.
The Void Left by Federal Deregulation
To fully comprehend the significance of state-level interventions like the one in Maine, it is necessary to examine the federal regulatory environment. In October 2016, the Federal Communications Commission (FCC) adopted comprehensive broadband privacy rules. These progressive regulations were meticulously designed to give consumers unprecedented control over their digital lives by requiring ISPs to obtain affirmative ”opt-in” consent before utilizing sensitive data, such as web browsing history, app usage, and geolocation.
The Future of AI: Preventing a Big Tech Monopoly >
However, these federal protections were severely short-lived. In April 2017, Congress utilized the Congressional Review Act to completely nullify the FCC’s privacy order before it could take effect. This legislative repeal stripped away the impending federal safeguards and explicitly prohibited the FCC from issuing substantially similar privacy regulations in the future, creating a massive regulatory vacuum.
Without federal oversight mandating strict opt-in consent, ISPs were generally left free to monetize their customers’ digital activities under vastly more lenient ”opt-out” frameworks. These frameworks place the administrative burden entirely on the consumer. Recognizing the profound vulnerability of their citizens, several state legislatures decided to fill the void. They argued that because broadband access is required for modern societal participation, consumers should not be forced to forfeit their fundamental privacy rights simply to get online. Maine rapidly emerged as a prominent trailblazer.
Maine’s Groundbreaking Statutory Intervention: LD 946
In 2019, the Maine Legislature passed Legislative Document (LD) 946, officially codified and titled ”An Act To Protect the Privacy of Online Customer Information.” Taking effect in July 2020, this statute established some of the most robust broadband privacy protections in the United States. Unlike broader privacy laws, Maine’s legislation was targeted at the specific entities providing the physical on-ramp to the internet: the ISPs.
The cornerstone of the Maine privacy statute is its stringent ”opt-in” requirement. Under the law, an ISP is strictly prohibited from using, disclosing, selling, or permitting access to a customer’s personal information unless the customer provides express consent. The statute defines ”customer personal information” comprehensively, encompassing both standard personally identifying details and network traffic data.
Furthermore, the legislation anticipated and explicitly neutralized common industry tactics used to circumvent consumer consent. It strictly bans ISPs from engaging in ”pay-for-privacy” schemes. A broadband provider cannot refuse internet service, charge a penalty, or offer a monetary discount based on whether a consumer consents to the commercial sale of their data. This provision ensures that digital privacy is treated as a fundamental right rather than a luxury commodity. The law also mandates that providers implement robust data security measures.
Understanding Consent Models: Opt-In vs. Opt-Out
| Consent Feature | Opt-In Consent (Maine Law) | Opt-Out Consent (Industry Standard) |
|---|---|---|
| Default Data Status | Data cannot be sold or monetized without explicit prior permission. | Data is actively monetized by default from the start of service. |
| Required Consumer Action | The consumer must actively agree to share their data. | The consumer must proactively navigate settings to disable sharing. |
| Corporate Revenue Impact | Severely limits data-brokering revenue as few users voluntarily opt-in. | Maximizes data-brokering revenue as most users never opt-out. |
The Industry Pushback: Framing Data as ”Speech”
Almost immediately after LD 946 was signed into state law, the telecommunications industry mobilized an aggressive legal counteroffensive. A coalition of major broadband trade associations filed a federal lawsuit against Maine, officially known as ACA Connects v. Frey. The plaintiffs argued that the law was broadly unconstitutional, preempted by existing federal statutes, and unfairly discriminatory.
However, the most provocative argument centered squarely on the First Amendment. The ISPs advanced a legal theory asserting that the collection, algorithmic aggregation, and commercial dissemination of consumer data constitute forms of ”speech” protected by the Constitution. They argued that Maine’s strict opt-in consent requirement restricted their free ability to communicate with third-party advertising partners.
By regulating how they could use the information gathered over their networks, the ISPs claimed the state was imposing an unlawful restriction on their commercial speech. Furthermore, the industry argued that the law suffered from unconstitutional ”speaker-based discrimination.” Because LD 946 applied exclusively to ISPs—and completely ignored massive ”edge providers” like popular search engines or social media platforms that also harvest vast amounts of data—the ISPs claimed the state was unfairly targeting a single class of speakers.
Analyzing the Legal Standard: The Central Hudson Test
When a government regulation restricts commercial speech—defined generally as speech that proposes a commercial transaction—federal courts typically evaluate the law using a rigorous legal framework known as the Central Hudson test. Established by the Supreme Court in 1980, this intermediate scrutiny standard requires the government to prove several distinct elements to uphold the regulation.
First, the government must demonstrate a ”substantial interest” in regulating the speech. Second, the restriction must ”directly advance” that stated government interest. Finally, the regulation must be broadly ”narrowly tailored,” meaning it should not burden substantially more speech than is absolutely necessary.
In the context of the Maine lawsuit, the state, supported heavily by privacy advocacy groups acting as amici curiae, argued that even if the sale of web browsing history could technically be construed as commercial speech, LD 946 easily survived intermediate scrutiny. The state asserted a profound interest in protecting the fundamental privacy rights of its citizens. Given the unique, indispensable nature of modern internet access and the comprehensive visibility ISPs have into a user’s digital life, the state argued that requiring affirmative consent was a perfectly tailored mechanism to prevent unauthorized commercial exploitation.
The Federal Court’s Decisive Ruling
In a pivotal decision in July 2020, U.S. District Court Judge Lance Walker denied the telecommunication industry’s motion for judgment on the pleadings, effectively rejecting their primary First Amendment arguments. The court acknowledged that the creation and dissemination of digital information implicate First Amendment protections. However, the judge established that not all speech merits the absolute highest constitutional shielding. He categorized the ISPs’ data-brokerage activities as commercial speech, firmly subjecting them to the intermediate scrutiny of the Central Hudson standard.
Applying this framework, the court found that Maine possessed a substantial and legitimate interest in protecting consumer privacy. The judge astutely recognized the structural realities of the internet access market, noting that consumers often have little to no choice in their broadband provider. Unlike a specific website that a user can simply choose not to visit, an internet connection is a strict prerequisite for modern life.
Crucially, the court also methodically dismantled the industry’s claim of speaker-based discrimination. The judge reasoned that ISPs and edge providers are fundamentally not similarly situated entities. ISPs act as the foundational conduit for all internet traffic, giving them an unparalleled view of a user’s behavior. Therefore, tailoring the legislation specifically to address the unique threat posed by ISP data collection was a highly reasonable legislative choice. Facing an uphill legal battle, the trade associations officially dropped their lawsuit in late 2022, securing a permanent victory for consumer privacy advocates.
Future Implications for Digital Privacy and Regulation
The hard-fought survival of Maine’s LD 946 carries far-reaching implications for the future trajectory of digital privacy regulation in the United States. The federal court’s validation of the strict opt-in consent model provides a legally sound blueprint for other states aggressively seeking to protect their citizens from pervasive corporate surveillance. It effectively defangs the telecommunications industry’s strategy of utilizing the First Amendment as an impenetrable shield against any data protection regulations.
This critical legal precedent clearly establishes that while corporations undoubtedly possess protected commercial speech rights, those financial rights do not completely override a state’s sovereign authority to protect its consumers. As long as state-level regulations are carefully crafted to address specific public harms—such as the non-consensual monetization of deeply sensitive network traffic—they can withstand constitutional scrutiny.
However, the localized nature of this legal victory starkly highlights the frustrating challenge of a deeply fragmented American regulatory landscape. As more individual states adopt unique privacy frameworks, consumers and businesses are increasingly forced to navigate an inconsistent patchwork of legal rules. While Maine’s success is a monumental step forward, it underscores the urgent need for a robust federal privacy law—one that ensures a citizen’s fundamental right to digital privacy is not entirely dependent on their zip code.
Conclusion
The fierce, protracted legal battle over Maine’s broadband privacy law serves as an absolutely critical case study in the modern societal struggle for control over personal information. By successfully defending LD 946 against aggressive First Amendment challenges from heavily funded corporate interests, the state demonstrated that corporate free speech arguments cannot be endlessly stretched to justify the unfettered exploitation of consumer data. The federal ruling reinforced the vital legal principle that individual digital privacy is a substantial state interest worthy of robust legislative protection. As technology evolves and personal data becomes an ever more valuable global currency, the ultimate resolution of ACA Connects v. Frey will undoubtedly resonate as a foundational moment in the effort to establish equitable boundaries in the digital economy.
Frequently Asked Questions (FAQs)
- What exactly is an ”opt-in” privacy law?
An opt-in privacy law mandates that commercial companies must obtain explicit, affirmative consent from a consumer before collecting, using, or selling their personal data. The user has to actively agree to the terms. This contrasts sharply with an ”opt-out” system, where companies can freely use data by default until the consumer actively finds the settings and requests them to stop.
- Why did Internet Service Providers (ISPs) sue the state of Maine?
ISPs filed a major federal lawsuit arguing that Maine’s strict privacy law violated their First Amendment rights. They claimed that the collection, packaging, and sale of consumer data is a form of constitutionally protected ”commercial speech,” and that restricting it was unconstitutional.
- What was the final outcome of the ACA Connects v. Frey lawsuit?
A federal court largely rejected the ISPs’ core constitutional arguments, officially ruling that Maine had a substantial, legally valid interest in protecting consumer privacy from exploitation. The court applied the Central Hudson test and found the state law was appropriately and narrowly tailored. Following this initial ruling, the trade associations voluntarily dropped their lawsuit in late 2022.
- How does this legal victory impact consumers outside of Maine?
While LD 946 legally only applies directly to Maine residents, its highly successful legal defense provides a clear, constitutional roadmap for other states. It definitively proves that state governments can legally enact strict broadband privacy laws without violating the First Amendment, potentially inspiring similar legislation nationwide.
References
- Protecting the Privacy of Customers of Broadband and Other Telecommunications Services — Federal Communications Commission (FCC). 2016-11-02. https://www.fcc.gov/document/fcc-releases-rules-protect-broadband-consumer-privacy
- Title 35-A M.R.S.A. § 9301: Act To Protect the Privacy of Online Customer Information — Maine State Legislature. 2019-06-06. https://legislature.maine.gov/statutes/35-A/title35-Asec9301.html
- ACA Connects v. Frey, 471 F. Supp. 3d 318 (D. Me. 2020) — United States District Court for the District of Maine / Justia. 2020-07-07. https://law.justia.com/cases/federal/district-courts/maine/medce/1:2020cv00055/115456/39/
- An Internet Privacy Win for Maine Consumers — National Association of Attorneys General. 2022-10-03. https://www.naag.org/attorney-general-journal/an-internet-privacy-win-for-maine-consumers/
Read full bio of Sneha Tete





