Massachusetts Considers Ban on Sales of Cellphone Location Data

"While some states have taken steps to protect cell phone information, Massachusetts could become the first state to outright ban the sale of location data from cell phones," reports WBUR: Data brokers are able to buy and sell cell phone location data to anyone with a credit card without many restrictions. "There's very little in terms of law that prevents companies from doing this, as long as they at least include somewhere in their privacy policies that this is something that they're doing," said Andrew Sellars, a Boston University law professor and director of the Technology Law Clinic. Sellars said that there have been recent updates to operating systems that can alert users when their data is being tracked or obscure the specificity of the users' location, but overall there's little protection for buying and selling location data.

Can law enforcement agencies buy cell phone data? Yes. Sellars says that under the current law, law enforcement can circumvent obtaining a warrant to get data by buying data directly from brokers. "The Electronic Privacy Information Center has done some studies on this recently and shown that there's been a growing market of consumer location data that's handled by data brokers being bought by law enforcement at all different levels: federal, state, and local law enforcement," said Sellars...

The bill provides a defined scope of purpose in which companies can collect and use a customer's location data. Under the legislation, companies would only be allowed to use location data to provide a product or service that a consumer wants. "For example, if you are ordering food on a food app and it's using your location to know where to deliver the food, that would be a permissible use," said Sellars. "But aside from that, you are essentially prohibited from doing anything else with the data."
Earlier this week WBUR noted that the Massachusetts bill is "pending" before a state-government committee, "which has not scheduled a hearing on it."

My solution to this problem is simple:

[apparently]

I store my cellphone up my ass, so anyone who purchases my cellphone location data just gets gigs and gigs of pictures of my ass.

Re:

[zenlessyank]

Likely cover excuse for doing self-control the hard way.

Re:

[antdude]

I should get a donkey too to do this. :P

That this needs legislation is sad

[Baron_Yam]

There really ought to be a more general law - you cannot share customer data without customer approval, and the approval must be opt-in and not required for service or products.

Rather than fines, it should come with prison time for anyone involved in doing so in violation of the law - from the exec who orders it right down to the IT tech who configures the database link, and everyone in between.

Re:

[joe_frisch]

I agree with the concept, but I expect that "approval" will just be added to the EULA and you will have no real choice if you want to interact with the modern world. I'd rather it be always illegal.

That Info Should Be Encrypted

[zenlessyank]

And only sent to the phone company's tracking server for internal use only. If I sit here and think too long about this I get mad as a hornet with hemorrhoids. To think that the public hasn't had this forced by the government (two entities that should have done this anyway) is crazy. /rant off.

Deletion requirement

[backslashdot]

Require that data be deleted after a specific time period. Two years ought to be sufficient.

This one should be easy.

[John.Banister]

Get a voter initiative for the bill. Start a company named evilcorp. When it's polling time, have evilcorp buy lots of location data and spam phones near the polling places with messages "I see you're near polling place [...], just drop in and vote 'no.' This message brought to you by Evilcorp, progressively striving to own your soul." Even though they recognize the blatant reverse psychology, people will want to prohibit the access the permits the spam.