TL;DR: South Dakota's Senate passed SB 110 on February 20, 2026, by a 28-6 vote. The bill requires broadband internet providers to get customer consent before selling or sharing their data. Senator Michael Rohl (R-Aberdeen) sponsored the bill, saying "whether it's given or whether it's sold, the consumer has to approve it." Telecom lobbyists from Midco and CenturyLink opposed it, claiming it would raise costs. The bill now heads to the House.

Why This Matters

In April 2017, Congress used the Congressional Review Act to kill FCC broadband privacy rules. President Trump signed the repeal, and ISPs won the right to sell your browsing history, location data, and financial information without asking [1].

The CRA didn't just kill the rules—it blocked the FCC from passing "substantially similar" regulations in the future. Nine years later, there's still no federal broadband privacy law.

States started filling the gap. Maine passed a strong ISP privacy law in 2019. Now South Dakota is trying to join them.

What SB 110 Does

The bill regulates how broadband internet providers handle your data. According to Senator Rohl, SB 110 focuses on three things [2]:

  • User-friendly transparency — Companies must clearly explain what data they collect
  • Privacy protections — Your data can't be shared without consent
  • Data ownership — "Your digital data is your data," as Rohl put it

The key provision: ISPs need your approval before selling or sharing your customer data. That includes your browsing history, location, and other information your internet provider collects just by routing your traffic [3].

The Telecom Industry Pushed Back Hard

Lobbyists from Midco and CenturyLink testified against the bill in committee hearings [4].

Justin Smith, representing Midco, called it "a huge new regulatory hurdle" that is "very complex." He warned the administrative burden would raise costs for customers [4].

Brett Koenecke, lobbying for CenturyLink, argued the bill could hamper emergency services: "During real emergencies like wildfires, floods, and tornadoes, we need to work with many partners" [4].

Senator Rohl wasn't buying it. He pointed out that other states have passed similar regulations "beyond what the federal government is doing," and their ISPs haven't collapsed [3].

The bill initially failed in the Senate State Affairs Committee on a 5-3 vote, with Senator Deibert casting the deciding "no." But it was revived and brought to the full Senate floor, where it passed 28-6 [2][3].

What Got Stripped Out

Before the final vote, Senator Jack Kolbeck introduced an amendment to eliminate Section 12 of the bill. It passed 20-14 [2].

Section 12 exempted small ISPs (as defined by federal regulations) from the bill's requirements. Removing that section means smaller providers are now covered too—no special treatment.

The final amended bill passed the Senate with broad bipartisan support.

What Happens Now

SB 110 moves to the South Dakota House. If passed there, Governor Kristi Noem would have to sign it into law.

Given the telecom industry's opposition, expect more lobbying in the House. These companies have a financial interest in selling your data—they're not going to give up that revenue stream without a fight.

But the 28-6 Senate vote suggests strong support. Six "no" votes out of 34 senators is a clear mandate.

The State Privacy Patchwork

South Dakota joins a growing list of states trying to protect broadband privacy without federal help [1]:

  • Maine passed a comprehensive ISP privacy law in 2019
  • California includes ISPs under CCPA/CPRA
  • Nevada has limited ISP data sale restrictions

The result is a patchwork. Your privacy depends on which state you live in. Move from Maine to Kansas and suddenly your ISP can monetize your browsing history again.

Congress could fix this with a federal law. But nine years after the CRA repeal, they haven't. States like South Dakota are tired of waiting.

What You Can Do

Use a VPN

A VPN encrypts your traffic so your ISP can't see which sites you visit. They'll know you're using a VPN, but not what you're doing with it. That data is worthless to advertisers.

Use DNS Over HTTPS

Your ISP can see which domains you look up through DNS. Enable DNS-over-HTTPS in your browser or use a privacy-focused DNS like Cloudflare (1.1.1.1) or Quad9 (9.9.9.9).

Check Your ISP's Privacy Settings

Some ISPs offer opt-out settings for data sharing buried in account preferences. It won't stop all collection, but it might reduce what gets sold.

Support State Privacy Bills

If you're in South Dakota, contact your House representative about SB 110. If you're elsewhere, check IAPP's state privacy tracker for bills in your state.

References

  1. Harvard Journal of Law & Technology — Congress Rolls Back FCC Broadband ISP Privacy Rules (2017)
  2. Hub City Radio — South Dakota Senate Passes SB110 (February 20, 2026)
  3. LegiScan — South Dakota SB110, 2026 Regular Session
  4. KOTA-TV — Committee Splits on Two Data Protection Bills (February 12, 2026)