Mentors and Mavens All Stories
To The Point Daily Tech Brief Tech Conversations Money Talks Startup Fridays From the Bookshelves All Podcasts
Leadership Mantras Pathbreakers Lets Talk About One Thing Today in Tech Momentum Nuts and Bolts In Conversation With From the Field Beyond the Boardroom All Videos
  1. Home
  2. UpFront
  3. Special
  4. New York City may ban sale of phone location data

New York City may ban sale of phone location data

AT&T, T-Mobile and Verizon have pledged to stop selling location data to brokers who may sell the information on the black market. But data on users' whereabouts is lucrative: Location-targeted advertising sales brought in an estimated $21 billion last year

By Jeffery C. Mays
Published: Jul 24, 2019

A subway passenger on a smart phone in New York, Sept. 9, 2017. A bill would make it illegal for cellphone companies and mobile apps to share user location information collected in the city without a customer’s explicit permission
Image: Ali Asaei/The New York Times

NEW YORK — Telecommunications firms and mobile-based apps make billions of dollars per year by selling customer location data to marketers and other businesses, offering a vast window into the whereabouts of cellphone and app users, often without their knowledge.

That practice, which has come under increasing scrutiny and criticism in recent years, is now the subject of a proposed ban in New York. If the legislation is approved, it is believed that the city would become the first to forbid the sale of geolocation data to third parties.

The bill, which was introduced Tuesday, would make it illegal for cellphone companies and mobile app developers to share location data gathered while a customer’s mobile device is within the five boroughs.

Cellphone companies and mobile apps collect detailed geolocation data of their users and then sell that information to legitimate companies such as digital marketers, roadside emergency assistance services, retail advertisers, hedge funds or — in the case of a class-action lawsuit filed against AT&T — bounty hunters.

“The average person has no idea they are vulnerable to this,” said Councilman Justin L. Brannan, D-Brooklyn, who introduced the bill. “We are concerned by the fact that someone can sign up for cell service and their data can wind up in the hands of five different companies.”

In the absence of a federal law specifically protecting consumers’ location data, cities and states have stepped up to enforce privacy regulations and location data rules. In San Francisco, voters approved a ballot measure in 2018 that would require companies to disclose their data practices and secure customer data to win city contracts.

Read More

In January, the city of Los Angeles filed a lawsuit against the developers of the Weather Channel app, accusing them of deceptively collecting location data from millions of American users. The app tricked users into turning on location data by telling them that it would be used only to localize weather reports. Instead, the data was used for commercial purposes like analysis for hedge funds, the suit alleged.

The proposed legislation in New York will almost certainly be opposed by the ad tech industry, which has a strong presence in the city. Brannan said he did not consult industry leaders for input.

The bill would restrict cellphone companies and mobile apps from sharing location data to situations where they were “providing a service explicitly requested” by the customer. The language is designed to challenge the vague agreements customers click on when signing up for an app or a cellular service. The legislation would also exclude the collection of location data in “exchange for products or services.”

Marc Rotenberg, president of the Electronic Privacy Information Center, said the collection of location data was now the “primary technique to track people in physical space” and “raises far-reaching privacy concerns.”

“New York City is joining a growing list of cities that are not waiting for Washington to pass privacy legislation,” he added.

The bill provides for steep fines, ranging from $1,000 per violation to $10,000 per day per user for multiple violations, while giving customers who have had their location data shared without their explicit permission the right to sue.

David LeDuc, vice president of public policy for the Network Advertising Initiative, said he was concerned about allowing consumers to sue. The civil penalties under the law are “substantial” enough to force compliance, he said.

“Tacking on a private right of action is merely an invitation for unscrupulous trial attorneys to sue companies out of business, in many cases likely for merely making a compliance error where consumers have not suffered any injury,” LeDuc said.

Dave Grimaldi, executive vice president for public policy for the Interactive Advertising Bureau, a national trade association, said that a better approach would involve “a uniform national data privacy law that protects consumers regardless of where they reside.”

Kathryn Wylde, president and chief executive of the Partnership for New York City, echoed Grimaldi’s remarks, suggesting that New York’s proposal would be an unwelcome addition to the “wide-ranging policy standards” in different states that companies must navigate.

“This is not an efficient way to solve this problem,” Wylde said.

It is not yet clear whether the bill will pass the full council, but the council speaker, Corey Johnson, said he was open to exploring solutions to the privacy issues addressed in Brannan’s bill.

“We live in an age where people’s private information is being sold to the highest bidder, and it is important for us to think of 21st-century fixes,” Johnson said.

A spokeswoman for Mayor Bill de Blasio, Freddi Goldstein, said that the mayor’s office will review the bill. If passed, the city’s Department of Information Technology and Telecommunications would enforce the law; a department spokeswoman, Robin Levine, said the agency agreed “wholeheartedly that New Yorkers’ personal information should not be surreptitiously collected and exploited.”

Exceptions to the proposed ban include information legally supplied to law enforcement agencies; data provided to emergency responders; data required under federal, state or city law; and situations where customers knowingly provide their location data. The legislation does not require that law enforcement agencies be given location data or provide them with an entitlement to collect it.

Before the bill can come to a vote, it would probably first be heard by the council’s Committee on Technology. Robert F. Holden, the committee chairman, called the bill a “priority.”

“Privacy is a serious concern, especially in a day and age where more and more of it is stripped from us as technology progresses,” said Holden, who added that he was interested in seeing “how municipal government can do better in protecting user data.”

AT&T, T-Mobile and Verizon have pledged to stop selling location data to brokers who may sell the information on the black market. But data on users’ whereabouts is lucrative: Location-targeted advertising sales brought in an estimated $21 billion last year.

Sen. Kamala Harris of California, a Democrat seeking her party’s nomination for president, has called on Congress to pass laws ending the sale of location data.

Brannan said the failure of cellular companies to police themselves was all the more reason for cities to step up.

“Why should we trust them?” he said. “Once municipalities know they have this tool in the arsenal, hopefully it will have a chain reaction.”

©2019 New York Times News Service

Boris Johnson to take leadership of a Britain in deep crisis
Celebrate diversity, but universality too
X