Brown introduces legislation to protect online privacy of consumers

HARRISBURG, April 13 – State Rep. Vanessa Brown, D-Phila., today said she introduced legislation that would require internet service providers to take reasonable steps to protect customers’ personal information.

The bill would order each ISP to identify foreseeable internal and external control risks for the security of personal data that would result in unauthorized disclosure, misuse, alteration, destruction and access to or use of such information.

“Without this legislation, companies can use a person’s browsing history, geolocation, financial, medical and many more bits of information to manipulate the market. This clearly promotes unfair and disloyal competition and increases the risk whereby an unauthorized person can gain access to customers’ accounts and steal valuable assets,” Brown said.

Brown said that ISPs should have the flexibility they need to innovate and improve their services, but not at the expense of sharing consumer’s sensitive data.

“The government is supposed to work for and protect our families, not the big companies that want to exploit our personal information and online activity for private profit,” she said.

House Bill 1323 is part of an Internet Privacy Legislation Package House Democrats introduced to restore online privacy protections for Pennsylvania residents after Republicans in Congress voted to allow telecom companies and other internet service providers to sell and share customers' web browsing history without their consent.

The package mirrors the rules adopted by the Federal Communications Commission in October and includes commonsense privacy and consumer protections for Pennsylvanians such as:

  • Requiring internet service providers to notify customers about what types of information they collect, how, for what purposes, and with whom. ISPs would have to provide this information when consumers sign up for service and whenever changes are made to privacy policies.
  • Requiring providers to obtain affirmative "opt-in" permission from consumers before using or sharing their sensitive information. Sensitive information includes: geographic location, children's information, health information, financial information, Social Security numbers, web browsing history, app usage history and the contents of online communication.
  • Requiring providers to offer consumers a way to “opt-out” of the sharing of non-sensitive information.
  • Prohibiting providers from refusing to offer service to consumers who “opt-out” of the use and sharing of their information for commercial purposes.
  • Requiring providers to notify consumers in a timely manner when a data breach occurs and sensitive online information may be compromised.

“We’re introducing this legislation to ensure the privacy of Pennsylvania residents remains protected. With these bills we will ask companies to be transparent, to let people choose and to identify and assess the potential risks to customer information,” Brown said. “We won’t let the nation's biggest phone, cable and internet corporations make money by compromising our citizens’ information.”