Image: d3sign
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.
Advertisement
Cosponsors of the bill are senators Ron Wyden, chair of the Senate Finance Committee; Patty Murray, chair of the Senate HELP Committee; Sheldon Whitehouse; and Bernie Sanders, chair of the Senate Budget Committee.The Health and Location Data Protection Act is hugely ambitious in its scope, in that it will rather unambiguously “ban data brokers from selling or transferring location data and health data” barring some limited exceptions, according to a summary sheet of the bill shared with Motherboard by Warren’s staff. Those exceptions include activities that are compliant under HIPAA, the federal law used for protecting healthcare data, and First Amendment speech, the summary adds.Do you work in the location data industry? Do you know about any more abuses of location data? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.
Advertisement
Advertisement
Advertisement
Beyond the ban on the sale of location data, the bill includes other mechanisms around enforcement, such as $1 billion in funds for the FTC over the next decade to perform its existing responsibilities and new ones around this law, and powers for the FTC and state attorneys general to sue to enforce the law. Individual people could also sue for damages and injunctions under the bill.Because the bill goes far beyond banning just the sale of location data related to abortion clinics, and instead encompasses the sale of such data in general, it is likely to face fierce opposition from the massive location data industry. X-Mode, a company that Motherboard revealed was harvesting location data from a Muslim prayer app and which had U.S. military contractors among its clients, paid lobbying group Franklin Square Group $30,000 in 2020 (X-Mode has since rebranded as Outlogic, and was acquired by Digital Envoy in 2021). Venntel, a firm that The Wall Street Journal first reported provided location data based products to U.S. law enforcement, paid $160,000 in 2020, $320,000 in 2021, and so far $80,000 in 2022 on lobbying efforts. Venntel paid that money to lobbying firm Alpine Group.Other lawmakers have recently proposed another piece of somewhat related legislation. The My Body My Data Act from congresswoman Sara Jacobs (CA-53) aims to stop the collection and transfer of reproductive health data. It also would give consumers the ability to launch lawsuits against companies that violated the practice, the Washington Post reported earlier this month. As the Post added, the bill is unlikely to become federal law given broad Republican opposition to expanding abortion protections and an evenly split Senate. Jacobs told the Post, “We think this can be a model for states as they are trying to figure out how they can best protect people’s right to abortion.”Edwards, the privacy researcher, added, “This bill from Senator Warren is long overdue, and while it's becoming clearer every day to Americans that their personal lives and decisions are for sale to the highest bidder, it's clear that Senator Warren has a plan to turn the tables on data brokers, and Congress would be wise to pass some version of this important legislation.”Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.“This legislation would impact location data brokers and big tech companies who make location data for end-users available to their partners in unsafe ways.”