Massachusetts Considers Ban on Sales of Cellphone Location Data (wbur.org) 16
"While some states have taken steps to protect cell phone information, Massachusetts could become the first state to outright ban the sale of location data from cell phones," reports WBUR:
Data brokers are able to buy and sell cell phone location data to anyone with a credit card without many restrictions. "There's very little in terms of law that prevents companies from doing this, as long as they at least include somewhere in their privacy policies that this is something that they're doing," said Andrew Sellars, a Boston University law professor and director of the Technology Law Clinic. Sellars said that there have been recent updates to operating systems that can alert users when their data is being tracked or obscure the specificity of the users' location, but overall there's little protection for buying and selling location data.
Can law enforcement agencies buy cell phone data? Yes. Sellars says that under the current law, law enforcement can circumvent obtaining a warrant to get data by buying data directly from brokers. "The Electronic Privacy Information Center has done some studies on this recently and shown that there's been a growing market of consumer location data that's handled by data brokers being bought by law enforcement at all different levels: federal, state, and local law enforcement," said Sellars...
The bill provides a defined scope of purpose in which companies can collect and use a customer's location data. Under the legislation, companies would only be allowed to use location data to provide a product or service that a consumer wants. "For example, if you are ordering food on a food app and it's using your location to know where to deliver the food, that would be a permissible use," said Sellars. "But aside from that, you are essentially prohibited from doing anything else with the data."
Earlier this week WBUR noted that the Massachusetts bill is "pending" before a state-government committee, "which has not scheduled a hearing on it."
Can law enforcement agencies buy cell phone data? Yes. Sellars says that under the current law, law enforcement can circumvent obtaining a warrant to get data by buying data directly from brokers. "The Electronic Privacy Information Center has done some studies on this recently and shown that there's been a growing market of consumer location data that's handled by data brokers being bought by law enforcement at all different levels: federal, state, and local law enforcement," said Sellars...
The bill provides a defined scope of purpose in which companies can collect and use a customer's location data. Under the legislation, companies would only be allowed to use location data to provide a product or service that a consumer wants. "For example, if you are ordering food on a food app and it's using your location to know where to deliver the food, that would be a permissible use," said Sellars. "But aside from that, you are essentially prohibited from doing anything else with the data."
Earlier this week WBUR noted that the Massachusetts bill is "pending" before a state-government committee, "which has not scheduled a hearing on it."
My solution to this problem is simple: (Score:2)
Re: (Score:2)
Likely cover excuse for doing self-control the hard way.
Re: (Score:2)
I should get a donkey too to do this. :P
That this needs legislation is sad (Score:5, Informative)
There really ought to be a more general law - you cannot share customer data without customer approval, and the approval must be opt-in and not required for service or products.
Rather than fines, it should come with prison time for anyone involved in doing so in violation of the law - from the exec who orders it right down to the IT tech who configures the database link, and everyone in between.
Re: (Score:2)
That Info Should Be Encrypted (Score:2)
And only sent to the phone company's tracking server for internal use only. If I sit here and think too long about this I get mad as a hornet with hemorrhoids. To think that the public hasn't had this forced by the government (two entities that should have done this anyway) is crazy. /rant off.
Deletion requirement (Score:3)
Require that data be deleted after a specific time period. Two years ought to be sufficient.
This one should be easy. (Score:2)