SecureMac, Inc.

Senate bill to ban sale of location data in the US

June 23, 2022

Senate location data bill would ban sale and transfer of user location and health data in the United States. What’s in the law? Will it pass?

Senate bill to ban sale of location data in the US

A new bill in the United States Senate would place strict limits on the sale and transfer of location and health data. The law was proposed last week by Sen. Elizabeth Warren (D-MA) and co-sponsored by three other Democratic Party senators and Sen. Bernie Sanders (I-VT). It is a significant attempt to rein in the data broker industry and defend user privacy.

What’s in the bill

The proposed law is called “The Health and Location Data Protection Act”. 

According to the one-page summary on Warren’s website, the law would “ban data brokers from selling some of the most sensitive data available about everyday Americans: their health data and location data”. 

The bill contains several key elements, including:

  • A blanket ban on data brokers selling or transferring user location data and/or health data (with exceptions for protected First Amendment speech, “authorized disclosures”, and certain “HIPAA-compliant activities”).
  • Provisions aimed at giving the law teeth. The Federal Trade Commission (FTC), state attorneys general, and private citizens would be able to sue violators for damages and injunctions under the law.
  • $1 billion in funding allocated to the FTC over the next 10 years to help them enforce the law.

Why is user data a security and privacy issue?

We’ve often talked about how data collection threatens user security and privacy, on this blog as well as on The Checklist podcast. To recap in brief:

User data is big money

By some estimates, the data industry rakes in up to $200 billion annually. Because of this, many app developers, websites, and tech companies hoover up as much user data as possible.

At times, they just use this data to serve their users targeted ads. But they also share it with (or sell it to) third-party data brokers. Those brokers then use the data for their own purposes — and they resell it to others.

In short, there is a tremendous financial incentive for companies and data brokers to abuse user privacy. And at the moment, there is little regulation or oversight of their data handling practices in the United States.

The user data trade has harmful consequences

It’s tempting to suppose there isn’t anything all that serious about tech companies and data brokers buying and selling user data. After all, they’re just using it to sell advertising — or so the thinking goes. 

But the truth is that the trade in user data has a number of harmful consequences.

First, it’s a direct threat to personal privacy. The more detailed the data profile of a user, the more valuable it is to data brokers. This means that companies and brokers are incentivized to collect some extremely personal forms of user data. In other words, it’s not just about websites you visited or things you bought on Amazon. It’s your physical location, your search history, your personal contacts, your health and medical data, and more. 

Secondly, the data trade is a potential security threat. Data brokers sell to the highest bidder. They have highly detailed information about you — but they really don’t care who’s buying it, or why. They just want to make money. And that can have dangerous consequences.

Abusers have bought location data from brokers in order to stalk and harass their victims. Law enforcement agencies purchase user data to circumvent constitutional restrictions on government surveillance. And in some cases, even children’s data, collected through education apps, is being sold.

Will the bill become law?

In an era of extreme political division, it’s hard to say if any bill will become law in the United States. This Senate bill to ban the sale of location data does not have bipartisan sponsorship, which probably works against it. And historically, the US hasn’t shown interest in regulating data privacy to the same extent as other countries.

On the other hand, there have been recent signs that Democrats and Republicans are willing to work together on regulating the tech industry. And at the state level, there are already some robust data privacy laws

So what will be the fate of the Health and Location Data Protection Act of 2022? Only time will tell!

Learn more about location and health privacy

To learn more about location data privacy, and about how to protect your personal health data, check out the following resources:

How to Keep Your Health Data Private

Checklist 188: Don’t Let Your iPhone Give You Away

What Is Geofencing?

Get the latest security news and deals