Online privacy protection for consumers is one of the Obama-era regulations that President Donald Trump and Congress moved quickly to overturn. California recently introduced legislation to protect user privacy — but the technology lobby and internet service providers are already gearing up to defeat the bill.

The privacy rules passed by Obama’s Federal Communication Commission (FCC) limited the ways that internet service providers (ISPs) can sell or share users’ personal data such as browsing history and location data. In April, Congress and President Trump repealed those rules before they would have even gone into effect, leaving consumers’ without robust privacy protection online.

“There’s now a gap in privacy protection in the Internet ecosystem,” Yosef Getachew, a policy fellow at Public Knowledge, told International Business Times. “We no longer have the strong set of rules that we once had on the books.”

Read: Donald Trump Signs Internet Privacy Regulations Repeal Resolution

In response to the repeal of federal rules, many states put forward legislation to protect their own residents. At latest count, 20 states have introduced internet privacy legislation or have it in the works. Some states began the process even before the federal rules were appealed, while others timed it to be an explicitly political statement against the Trump administration. Washington State introduced statewide privacy rules two days after Trump signed the federal repeal.

RTR3F8TO Fiber optic cables carrying internet providers are seen running into a server room in Manhattan. Photo: Reuters

“What we’re seeing is a lot of states responding to the public outcry,” said Getachew. “Consumers are upset that ISPs now have the ability to share their web browsing history or share their app usage history or not tell them when their data has been hacked. So states are trying to fill in the void that Congress created."

California, whose economy would be the 6th largest in the world if it were its own country, is moving forward with its own version of privacy legislation, the California Broadband Internet Privacy Act, introduced by Assembly Member Ed Chau (D).

Advertisers covet the data that would be regulated because it enables them to target marketing efforts at consumers most likely to buy specific products. Some ISPs are also advertising networks and would be able to sell targeted ads in-house, allowing them to tell regulators and consumers that they do not share customer data with third parties. Other, usually smaller ISPs, would sell that data to third-party advertising networks and data brokers.

“ISPs want to preserve their win,” Ernesto Falcon, legislative counsel at the Electronic Frontier Foundation, told IBT. “They won at the federal level by eliminating broadband privacy rules and they don’t want states to undo that. ISPs want to engage in the activity that is now legal for them — namely, using personal information and reselling it to third parties.”

Comcast declined to comment for this story. Verizon and AT&T did not respond to requests for comment.

ISPs argue that many of their own privacy policies explicitly state that they will not share or sell that data and that they have no intention of doing so. However, a company’s privacy agreement can change at any time, often without users noticing. Many areas of California and the country have only one or two choices for home broadband Internet service. So if consumers do not like how a privacy policy changes, they may not have any other provider to switch to.

The list of organizations known to be lobbying against the California Broadband Internet Privacy Act include ISPs such as Comcast, Verizon, AT&T, Sprint, and T-Mobile as well as industry associations such as the Computing Technology Industry Association (CompTIA), TechNet, the Bay Area Council, and the powerful California Chamber of Commerce.

According to records compiled by the National Institute on Money in State Politics, those organizations have collectively given over $3 million to members of the California State Assembly and nearly $2 million to members of the State Senate, mostly since 2014. That’s on top of another $353,000 given to the state’s governor, Jerry Brown. 

California has been a leader in digital privacy protection. In late 2015, Gov. Brown signed a law protecting residents’ personal data or communications from warrantless searches by state law enforcement. 

Jerry Brown California Gov. Jerry Brown on May 19, 2015 in Sacramento. Brown signed a sweeping digital privacy bill in 2015. Will the state resurrect the Obama-era privacy rules that Trump overturned? Photo: (Photo by Justin Sullivan/Getty Images)

The amount of campaign cash from companies lobbying against the bill has privacy advocates worried that California could be set for a repeat of last month’s decision to block a single-payer health care bill, despite Democratic supermajorities in both the State Assembly and Senate, as well as a Democratic governor.

Read: Democrats Help Corporate Donors Block California Health Care Measure

A misleading letter CompTIA and TechNet sent to the offices of California lawmakers reads in part: “We want to assure you that the action taken by Congress earlier this year has changed nothing for consumers. The repeal of the FCC’s broadband privacy rules leaves in place the legal framework that has existed.” This is technically true, because the FCC’s rules had not yet gone into effect when they were repealed. But it does not reflect the fact that there are no longer privacy regulations on the book that otherwise would have protected consumers by the end of this year.

The repeal of the FCC privacy rules was done through the Congressional Review Act, which allows Congress to review regulations set by federal agencies and overturn them. The CRA prevents that federal agency from ever again enacting similar rules, unless Congress specifically legislates them. That makes it a very steep uphill battle for the FCC to ever enact privacy regulations again, giving all the more urgency to states lawmakers’ actions.

The California Broadband Internet Privacy Act is currently waiting to be assigned to committee.