Massachusetts Prepares To Ban The Collection And Abuse Of Cell Phone Location Data
For more than a decade now, app makers, phone makers, wireless companies - and pretty much everybody else - has been collecting and monetizing your daily movement habits. There's genuinely no reason most of these companies (like, say, your light bulb maker) need this information, but because the U.S. is too corrupt to pass a real privacy law, they collect it and sell access to it because they can.
This data is hoovered up, anonymized" to provide the pretense of user privacy, then sold to a wide assortment of largely unaccountable and frequently sleazy data brokers. This data is then widely and routinely abused from everybody from stalkers and foreign governments, to a long line of US government agencies looking to avoid having to get pesky warrants.
Despite this going on for the better part of two decades now, the U.S. has been too corrupt to pass even a basic privacy law for the internet era reining in this abuse. Most regulatory actions at agencies like the FCC are theatrical at best. And while the FTC has been taking specific action against some companies, we're not doing much in terms of an over-arching solution for the broader problem.
Enter Massachusetts, which is preparing to be the first state in the nation to ban the collection and monetization of user cell phone location data:
The legislature held a hearing last month on a bill called the Location Shield Act, a sweeping proposal that would sharply curtail the practice of collecting and selling location data drawn from mobile phones in Massachusetts. The proposal would also institute a warrant requirement for law-enforcement access to location data, banning data brokers from providing location information about state residents without court authorization in most circumstances.
You can peruse the House and Senate versions of the bill. MA's legislature seems particularly motivated by the overturning of Roe, and the very legitimate concern that user location data will now be abused by both State AGs looking to prosecute women seeking reproductive health care, or radicals and vigilantes looking to purchase data on abortion clinic visitors (which has proven easy to do) in order to harass them:
Politicians and law-enforcement officials would not be able to track user data once someone crosses over the Massachusetts state line without a warrant or unless in response to a reported imminent threat to human life.
Should the bill pass, an app provider that did not comply would be subject to both legal action from the Massachusetts Attorney General and at risk of a civil suit from the individual.
Again, the federal government could have passed a basic privacy law regulating location data collection and sales a decade ago, but chose not to because abusing that data was too profitable (and provided an easy end-around to getting a warrant). Now, that hubris and greed is swinging back around to bite us on the ass as the country's authoritarian movement aims to exploit the dysfunction created.
While the bill is expected to pass, I wouldn't be shocked if it's dramatically weakened or modified before that happens. There are an awful lot of folks in law enforcement - and a very long line of industries and companies - who definitely don't want Massachusetts disrupting a very broken, and very profitable, status quo several decades in the making.