Close this menu

Two Geolocation Privacy Bills in One Day and Neither Got it Right

Compass2_25

Today, Congress saw the introduction of two, that’s right two, geolocation privacy bills.

Senators Franken and Blumenthal released their Location Privacy Protection Act at the same time Senator Wyden and Rep. Chaffetz put up their Geolocation Privacy and Surveillance (“GPS”) Act.  Both bills attempt to give consumers more control over geolocation privacy–without stunting the incredible innovation in location-aware applications and devices.  Neither bill got it right.

Both bills authorize new lawsuits where plaintiffs can get minimum damages for each violation.  Sen. Franken’s bill sets the bounty at $2,500 per violation and the Wyden bill is even more tempting, at $10,000 per violation.

While you’d think that big fines might deter bad actors, think about this: truly bad actors already ignore all our existing laws, many of which carry big fines and jail time.

Instead, big bounty payments like this will victimize legitimate companies with deep pockets, for whom a mere technical violation becomes a magnet for mulit-million dollar lawsuits.

While you’d think that big fines might deter bad actors, think about this: truly bad actors already ignore all our existing laws, many of which carry big fines and jail time.

With laws like these, there’s no need for attorneys to chase ambulances anymore.  The local high school bus is full of teenagers with smartphones — many of whose geolocation data is shared with their parents. What if, say, Google and Facebook didn’t obtain affirmative consent when these teens turned 18?   Every sharing by every 18-year-old could bring $2,500 per violation, plus attorney’s fees.

Government regulators or prosecutors wouldn’t pursue a case like that, but plaintiff’s attorneys won’t hesitate to bring class action lawsuits in pursuit of big bounties from big companies.  This can’t be the result that our lawmakers had in mind, so we’re hoping the statutory damages will be reduced or eliminated for private plaintiffs.

There are other changes needed in these bills, too.

Neither bill allows for temporary collection of geolocation information, even if its not stored permanently.

Sen. Franken’s bill would create huge challenges for new businesses who’d have to re-enroll every single customer if they made changes to their collection or sharing policies.   Under their bill, when a business changes its privacy policy, it loses all previous permissions obtained to collect or use geolocation data, and must must convince each user to once again provide their consent.  This mass re-enrollment would be a daunting challenge for a startup, leading them to avoid innovations that would change how geolocation data is used.

The bill from Wyden and Chaffetz has some definitional challenges, too. For example, companies who merely see an IP address from a laptop computer (perhaps to give more detailed movie listings without having to ask for a zip-code) could face lawsuits at $10,000 per violation.

Two bills in one day makes for a long day.  But we’re in for a much longer battle if these bills turn mobile computing into a bounty hunt for the plaintiff’s bar.