HOUSE DOCKET, NO. 3896 FILED ON: 4/6/2017
HOUSE . . . . . . . . . . . . . . . No. 3698
|
The Commonwealth of Massachusetts
_________________
PRESENTED BY:
Patricia A. Haddad
_________________
To the Honorable Senate and House of Representatives of the Commonwealth of Massachusetts in General
Court assembled:
The undersigned legislators and/or citizens respectfully petition for the adoption of the accompanying bill:
An Act relative to internet privacy.
_______________
PETITION OF:
Name: | District/Address: | Date Added: |
Patricia A. Haddad | 5th Bristol | 4/6/2017 |
Carole A. Fiola | 6th Bristol |
|
James M. Cantwell | 4th Plymouth |
|
Thomas P. Walsh | 12th Essex |
|
Cory Atkins | 14th Middlesex |
|
James B. Eldridge | Middlesex and Worcester |
|
David M. Rogers | 24th Middlesex |
|
Jason M. Lewis | Fifth Middlesex |
|
Sean Garballey | 23rd Middlesex |
|
Tricia Farley-Bouvier | 3rd Berkshire |
|
Linda Dean Campbell | 15th Essex |
|
James J. O'Day | 14th Worcester |
|
Natalie Higgins | 4th Worcester |
|
Sarah K. Peake | 4th Barnstable |
|
Anne M. Gobi | Worcester, Hampden, Hampshire and Middlesex |
|
Mark C. Montigny | Second Bristol and Plymouth |
|
Denise C. Garlick | 13th Norfolk |
|
Jennifer E. Benson | 37th Middlesex |
|
Claire D. Cronin | 11th Plymouth |
|
Daniel M. Donahue | 16th Worcester |
|
David T. Vieira | 3rd Barnstable |
|
Alan Silvia | 7th Bristol |
|
Tackey Chan | 2nd Norfolk |
|
James R. Miceli | 19th Middlesex |
|
William Driscoll | 7th Norfolk |
|
Stephen Kulik | 1st Franklin |
|
Michael S. Day | 31st Middlesex |
|
David Paul Linsky | 5th Middlesex |
|
Carolyn C. Dykema | 8th Middlesex |
|
John W. Scibak | 2nd Hampshire |
|
Jonathan Hecht | 29th Middlesex |
|
Kate Hogan | 3rd Middlesex |
|
Paul McMurtry | 11th Norfolk |
|
Marjorie C. Decker | 25th Middlesex |
|
Elizabeth A. Malia | 11th Suffolk |
|
Gailanne M. Cariddi | 1st Berkshire |
|
Jeffrey N. Roy | 10th Norfolk |
|
Kevin J. Kuros | 8th Worcester |
|
Timothy R. Whelan | 1st Barnstable |
|
Josh S. Cutler | 6th Plymouth |
|
Carmine L. Gentile | 13th Middlesex |
|
Bradley H. Jones, Jr. | 20th Middlesex |
|
Peter V. Kocot | 1st Hampshire |
|
John C. Velis | 4th Hampden |
|
Ann-Margaret Ferrante | 5th Essex |
|
Denise Provost | 27th Middlesex |
|
Brian Murray | 10th Worcester |
|
Angelo J. Puppolo, Jr. | 12th Hampden |
|
Jay R. Kaufman | 15th Middlesex |
|
Paul Tucker | 7th Essex |
|
James J. Dwyer | 30th Middlesex |
|
Kay Khan | 11th Middlesex |
|
Jack Lewis | 7th Middlesex |
|
Ruth B. Balser | 12th Middlesex |
|
William C. Galvin | 6th Norfolk |
|
Mike Connolly | 26th Middlesex |
|
Robert M. Koczera | 11th Bristol |
|
Paul W. Mark | 2nd Berkshire |
|
Peter J. Durant | 6th Worcester | 4/12/2017 |
Daniel Cullinane | 12th Suffolk |
|
Steven Ultrino | 33rd Middlesex |
|
Elizabeth A. Poirier | 14th Bristol |
|
Chris Walsh | 6th Middlesex |
|
James Arciero | 2nd Middlesex |
|
Paul Brodeur | 32nd Middlesex |
|
Michael J. Barrett | Third Middlesex |
|
Aaron Vega | 5th Hampden |
|
Christopher M. Markey | 9th Bristol |
|
Sal N. DiDomenico | Middlesex and Suffolk |
|
Colleen M. Garry | 36th Middlesex |
|
Smitty Pignatelli | 4th Berkshire |
|
Dylan Fernandes | Barnstable, Dukes and Nantucket |
|
Steven S. Howitt | 4th Bristol |
|
Paul J. Donato | 35th Middlesex |
|
Alice Hanlon Peisch | 14th Norfolk |
|
Shaunna L. O'Connell | 3rd Bristol |
|
HOUSE DOCKET, NO. 3896 FILED ON: 4/6/2017
HOUSE . . . . . . . . . . . . . . . No. 3698
By Mrs. Haddad of Somerset, a petition (subject to Joint Rule 12) of Patricia A. Haddad and others relative to the disclosure of customer proprietary information by internet service providers. Telecommunications, Utilities and Energy. |
The Commonwealth of Massachusetts
_______________
In the One Hundred and Ninetieth General Court
(2017-2018)
_______________
An Act relative to internet privacy.
Be it enacted by the Senate and House of Representatives in General Court assembled, and by the authority of the same, as follows:
Chapter 93 of the General Laws is hereby amended by adding the following section:-
Section 115. (a) As used in this section, the following words shall, unless the context clearly requires otherwise, have the following meanings:-
“Customer”, a current or former subscriber to an internet service in the commonwealth or an applicant for an internet service in the commonwealth.
“Opt-in approval”, the method for obtaining customer consent to collect, use, disclose, or permit access to sensitive customer proprietary information. This approval method requires that the provider obtain from the customer affirmative, express consent allowing the requested collection, usage, disclosure, or access to the sensitive customer proprietary information after the customer is provided appropriate notification of the provider’s request.
“Sensitive customer proprietary information”, financial information, health information, information pertaining to children, Social Security numbers, precise geo-location information, content of communications, call detail information, and web browsing history, application usage history, and the functional equivalents of either.
(b) An internet service provider may not collect, use, disclose, or permit access to sensitive customer proprietary information except as described in subsection (c) or with the opt-in approval of a customer as described in subsection (d).
(c) An internet service provider may collect, use, disclose, or permit access to sensitive customer proprietary information without customer approval for the following purposes: (1) in its provision of the internet service from which such information is derived, or in its provision of services necessary to, or used in, the provision of such service; (2) to initiate, render, bill, and collect for internet service; (3) to protect the rights or property of the internet service provider, or to protect users of the internet service and other providers from fraudulent, abusive, or unlawful use of the service; (4) to provide any inbound marketing, referral, or administrative services to the customer for the duration of a real-time interaction, if such interaction was initiated by the customer; (5) to provide location information or other customer proprietary information to: (i) a public safety answering point, emergency medical service provider or emergency dispatch provider, public safety, fire service, or law enforcement official, or hospital emergency or trauma care facility, in order to respond to the user’s request for emergency services; (ii) inform the user’s legal guardian or members of the user’s immediate family of the user’s location in an emergency situation that involves the risk of death or serious physical harm; or (iii) providers of information or database management services solely for purposes of assisting in the delivery of emergency services in response to an emergency; or (6) as otherwise required or authorized by law.
(d) Except as otherwise provided in this section, an internet service provider shall obtain opt-in approval from a customer to: (1) collect, use, disclose, or permit access to any of the customer’s sensitive customer proprietary information; or (2) make any material retroactive change that would result in a use, disclosure, or permission of access to any of the customer’s proprietary information previously collected by the provider for which the customer did not previously grant approval.
(e) An internet service provider shall, at a minimum solicit customer approval pursuant to subsection (d), as applicable, at the point of sale and when making 1 or more material changes to privacy policies. The solicitation of customer approval must be clear and conspicuous, and in language that is comprehensible and not misleading. The solicitation must disclose: (i) the types of sensitive customer proprietary information for which the provider is seeking customer approval to collect, use, disclose, or permit access to; (ii) the purposes for which such sensitive customer proprietary information will be used; and (iii) the categories of entities to which the provider intends to disclose or permit access to such sensitive customer proprietary information. The solicitation of customer approval must be completely translated into a language other than English if the internet service provider transacts business with the customer in that language.
(f) An internet service provider shall make available a simple, easy-to-use mechanism for customers to grant, deny, or withdraw opt-in approval at any time. The mechanism must be clear and conspicuous, in language that is comprehensible and not misleading, and made available at no additional cost to the customer. The mechanism must be persistently available on or through the provider’s website; the provider’s application, if it provides an application for account management purposes; and any functional equivalent to the provider’s homepage or application. If a provider does not have a website, the provider shall provide a persistently available mechanism by another means, including, but not limited to, a toll-free telephone number. The customer’s grant, denial, or withdrawal of approval must be given effect promptly and remain in effect until the customer revokes or limits such grant, denial, or withdrawal of approval.