The College Board has reviewed two data privacy bills currently under consideration by the Maine Judiciary Committee and asked lawmakers to exempt nonprofit organizations from the scope of these provisions.
Both of these bills (LD 1973 and LD 1977) aim to protect Mainers’ data, but they attempt to do so in slightly different ways.
In a communication to the Judiciary Committee (shared on the committee’s public list server), the University Board objected to both proposals, saying that neither provided an explicit exemption for nonprofit organizations. .
LD 1973, sponsored by Rep. Lisa Keim (R-Oxford), and LD 1977, sponsored by Rep. Maggie O’Neill (D-Saco), are both state laws aimed at protecting consumer data in Maine. This would create a new clause.
However, the details of how these protections are established differ between these two laws.
For example, LD 1977 provides for a “private right of action,” or the right to bring a civil suit for alleged violations and seek damages, whereas LD 1973 does not.
Additionally, while LD 1973 applies to persons doing business in Maine or serving residents of Maine, LD 1977 extends its coverage to individuals who Limited to those who process or manage the data.
Another difference between the two bills is that LD 1973 includes a mandatory 30-day “right to cure” provision. This means anyone deemed to have violated the Privacy Act has the right to correct her violation within 30 days to avoid it. A lawsuit has been filed against them.
Although LD 1977 includes a 60-day right to treatment provision, the provision of this opportunity is at the discretion of the Attorney General.
[RELATED: Maine Lawmakers Will Consider Limiting Corporations’ Use of Consumer Data in 2024]
In a letter to the Maine Judiciary Committee, the College Board cited concerns about both LD 1973 and LD 1977, stating that some of the restrictions proposed in these bills would not effectively serve students. suggested that it hinders the ability to
“Since each student’s career path is different, personalized “Students’ college experience and career planning are important factors,” the College Board wrote. “To do this, we must collect and process data about minors under 18.”
The nonprofit goes on to explain that “our data privacy principles are focused on providing notice, choice, transparency, and security to students, parents, and educators,” and that “all data “We protect them to the highest standards we have self-imposed.” It is also available to the general public. ”
In relation to LD 1973, the University Commission noted concerns about the grounds for prohibiting ‘processing’. [of] “Providing sensitive data about a consumer without the consumer’s consent” is defined as “clear affirmative action.”
“The University Board may collect sensitive information in order to provide additional resources or support to particular students,” the University Board said.
“Request Positive It would be very burdensome and inoperable for students to consent every time they visit our website and initiate an activity (such as a scholarship or school search) that requires the processing of these data elements. There is a possibility. ” they wrote.
As far as LD 1977 is concerned, the University Board objected to the broader definition of “sensitive data.”all data Minors under 18 years of age. ”
“The broader definition of targeted advertising and the prohibition on the use of sensitive data (i.e., data about minors) will impact our ability to present personalized information to students to support their post-secondary education pathway. ,” the group wrote.
“If LD 1973 or 1977 applies to nonprofit organizations, Maine student data would fall under different rules depending on where the student was at the time the data was provided,” the University Commissioner said. the meeting said. “This compliance patchwork based on where data is collected doesn’t really work and could create problems for Maine students.”
“The overwhelming majority of consumer privacy laws Nonprofit organization exemption“They often collect data to fulfill their mission,” the College Board concluded. “Therefore, we respectfully request that nonprofit organizations, or educational nonprofit organizations, be exempted from the scope of LD 1973 and LD 1977.”
An annotated comparison of the two bills shared on the Judiciary Committee’s public list server shows that lawmakers have yet to have any substantive “advance discussions” or “exemptions” regarding the types of entities and data each bill would exempt. It seems that they are not taking a straw vote. Proposed Law.
Fourteen states have passed data privacy laws comparable to the one currently being considered in Maine. Four of these states, including Colorado, Oregon, Delaware, and New Jersey, do not exempt nonprofit organizations from the new data privacy law.
The remaining 10 states, including New Hampshire, California, Connecticut, Utah, Virginia, Tennessee, Iowa, Indiana, Montana, and Texas, all exempt nonprofit organizations from consumer privacy laws. selected.
The Maine Judiciary Committee has scheduled a work session for both LD 1973 and LD 1977 on Monday, January 29th at 10 a.m. in State House Room 438.
Work sessions can be streamed online here.
