A proposed law in California would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing history.

The California Broadband Internet Privacy Act, a bill introduced by Assembly member Ed Chau (D-Monterey Park) on Monday, is very similar to an Obama-era privacy rule that was scheduled to take effect across the US until President Trump and the Republican-controlled Congress eliminated it. If Chau's bill becomes law, ISPs in California would have to get subscribers' opt-in consent before using browsing history and other sensitive information in order to serve personalized advertisements. Consumers would have the right to revoke their consent at any time.

“The idea that a person should have some say about how their Internet service provider can use, share or sell their personal information is not a controversial question for everyday consumers—it is common sense," Chau said in an announcement. “Congress and the Administration went against the will of the vast majority of Americans when they revoked the FCC’s own privacy rules in April, but California is going to restore what Washington stripped away.”

Chau's bill has support from "more than 25 civil rights, consumer protection, privacy, technology, and non-profit organizations," his announcement said. Both of California's legislative chambers are controlled by the Democratic party, whose members generally support opt-in privacy requirements for ISPs.

The opt-in requirement in Chau's bill would apply to "Web browsing history, application usage history, content of communications, and origin and destination Internet Protocol (IP) addresses of all traffic." The requirement would also apply to geolocation data, IP addresses, financial and health information, information pertaining to minors, names and billing information, Social Security numbers, demographic information, and personal details such as physical addresses, e-mail addresses, and phone numbers.

Comcast recently said it has "no plans" to sell its customers' individual Web browsing histories, but the company operates its own advertising network and can thus use its customers' browsing history internally in order to sell targeted ads. Like the FCC rules that were eliminated, Chau's bill would prevent both the internal use and sharing of browsing history without opt-in consent.

Chau's bill would also prohibit ISPs from refusing to serve, or limiting service to, customers who don't provide consent, and it would prevent ISPs from "charging a customer a penalty or offering a customer a discount or another benefit based on the customer’s decision to provide consent."

Opposition expected from ISPs

"Supporters of the bill acknowledged that they'll face stiff opposition from Internet service providers and a possible challenge over whether these state-level regulations conflict with federal law," the Los Angeles Times reported. But Electronic Frontier Foundation legislative counsel Ernesto Falcon told the paper he was "confident the proposed bill would not be preempted by federal law, because communications law has traditionally allowed a division of responsibilities between the state and federal government."

Several states began considering new privacy laws after Congress and Trump acted to eliminate the federal regulation, but the efforts have mostly stalled. As the country's most populous state, California could have a major impact on the behavior of Internet service providers.

Separately, US Rep. Marsha Blackburn (R-Tenn.) recently introduced legislation to require both broadband providers and websites to obtain customers' opt-in consent before using or sharing Web browsing history and other information. However, Blackburn's bill would prevent individual states and municipalities from imposing laws that are stricter than the proposed federal standard.