Vermont AG Asks State Legislators to Wait on ISP Privacy Rules, More Net Neutrality Action

No additional net neutrality action is needed in Vermont, which last year enacted a law banning state contracts with ISPs that violate open internet principles, the AG office reported to legislators. The privacy report recommended that Vermont designate and fund a chief privacy officer, conduct a state privacy audit, adopt a law modeled on California’s 2014 Student Online Personal Protection Act, amend the Security Breach Notice Act to expand scope of personally identifiable information, and harmonize varying state definitions of personal information. Vermont enacted a bill in May to mandate security standards for data brokers and require them to report annually to the Vermont secretary of state (see 1805140060). The net neutrality report said the state “continues to vigorously challenge” the FCC net neutrality order. “Vermont will defend its own laws with equal vigor and tenacity. While we believe the State’s positions will ultimately be vindicated by the courts, the Attorney General recommends that lawmakers abstain from additional action with respect to net neutrality until more is known about how the courts interpret the purview and authority of the federal and state governments with respect to net neutrality, and in particular the actions taken in this area.” The Electronic Frontier Foundation supports many of the privacy suggestions but sees “missed opportunities” in what the AG chose to defer, said EFF Senior Staff Attorney Adam Schwartz in an interview Thursday. The 2018 state privacy law on third-party data brokers was an “impressive step,” but covered only “half the story” since it didn’t govern Facebook or other first parties, he said. EFF would like to see broadband privacy rules, based on the reversed 2016 FCC order, in Vermont and other states.