Geolocation Tracking: Illinois Bill Would Ban Companies From Tracking Consumers Without Consent
Lawmakers in Illinois have introduced legislation that would make it illegal to track the location of a mobile device without the consent of the owner—though it is unclear how much real-world impact such a law would have.
The bill, dubbed the Geolocation Privacy Protection Act (HB3449), was passed by both houses of the state legislature last week and now sits on the desk of Republican Governor Bruce Rauner, who can sign the bill into law.
Read: GPS Act Would Restrict Cops’ Use Of ‘Stingrays’ And Other Phone Surveillance Tech
If signed, the law would make it illegal for any company to track an individual’s geolocation through their mobile device without first getting permission. Those who fail to comply with the law would be fined at least $1,000 in criminal penalties and damages, plus additional attorney’s fees and court costs.
The bill defines geolocation information to be any information as anything that is “generated by or derived from, in whole or in part, the operation of a mobile device, including, but not limited to, a smart phone, tablet, or laptop computer” and is “sufficient to determine or infer the precise location of that device.”
The law excludes any information derived from the contents of communications and provides exemptions for emergency situations including efforts to locate a missing child or attempts by emergency responders to location someone. The bill also does not cover IP addresses that are used to identify a device as it communicates over a network.
Critics of the bill have suggested that it will do little in practice to actually prevent the tracking of Illinois citizens, especially since most apps and websites already ask for permission before they are given access to user location information.
Read: What Is Elsa? CIA Can Track Location Of Wi-Fi-Enabled Devices Using Windows
Despite this, there have been many instances of companies accessing user location information without their knowing consent, including cases where Apple granted location data to third-parties and Google kept location data collected through its Google Play Store app.
Security researchers have also discovered cases where apps are tracking or sharing location data completely unintentionally, as was discovered with WhatsApp in 2014. That security lapse was eventually patched, but under the Illinois law it’s possible the company may have been on the hook for fines for such an incident.
Regardless the likelihood that such a law will be effective, the Geolocation Privacy Protection Act is the latest example of Illinois’ efforts to lead the way in protecting consumer privacy when it comes to technological snooping.
The state also passed the Biometric Information Privacy Act, which prohibits tech companies like Snapchat, Facebook and others from using biometric information—eye scans, fingerprints, voiceprints, etc.—without prior, written consent from the user.
In May, the state passed the Right to Know Act, which requires tech firms to disclose what data has been collected on a user and shared with third parties.
Newsweek’s Structure Security conference on Sept. 26-27 in San Francisco will highlight the best practices that security professionals are using to protect some of the world's largest companies and institutions, join us for two days of talks, workshops and networking sessions with key industry players - register now.
© Copyright IBTimes 2024. All rights reserved.