You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at

State Broadband Privacy Legislation


After Congress rescinded the FCC's broadband privacy rules, several state and local governments have stepped forward with legislation to protect broadband users. Many of the proposed laws would require ISPs to obtain affirmative consent before the ISPs would be allowed to collect, use, or disclose their subscribers' personal information.

Exemplary Law: California’s Consumer Privacy Act (CCPA)

As a general privacy law, the California Consumer Privacy Act (CCPA) covers broadband providers. The law covers any business (1) with revenue above twenty-five million dollars, (2) has the personal information of 50,000 or more individuals, or (3) makes half or more of its revenue from selling consumer information. The CCPA will provide consumers the right to not have their private information sold and will prohibit broadband providers from refusing service or providing alternative service to customers based on privacy choices.

California residents also have the right to access their data, know what types of information a business collects about them, request information on whether that information is sold, and request that the business delete that data.


  1. The confidentiality of electronic communications should be protected.
  2. Privacy considerations must be recognized explicitly in the provision, use, and regulation of telecommunication services.
  3. The collection of personal data for telecommunication services should be limited to the extent necessary to provide the service.
  4. Service providers should not disclose information without the explicit consent of service users.
  5. Service providers should be required to make their data collection practices known to service users.
  6. Users should not be required to pay for routine privacy protection.
  7. Service providers should be encouraged to explore technical means to protect privacy.
  8. Appropriate security polices should be developed to protect network communications.
  9. A mechanism should be established to ensure the observance of these principles.

Additional Resources

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security