Jon Brodkin, Ars Technica:
A bill introduced by Sen. Elizabeth Warren (D-Mass.) would prohibit data brokers from selling Americans’ location and health data, Warren’s office said Wednesday.
“Largely unregulated by federal law, data brokers gather intensely personal data such as location data from seemingly innocuous sources including weather apps and prayer apps—oftentimes without the consumer’s consent or knowledge,” a bill summary said. “Then, brokers turn around and sell the data in bulk to virtually any willing buyer, reaping massive profits.”
I do love the sound of this. Though Brodkin says it bans selling certain data types, it is actually more comprehensive — if passed, data brokers would be prohibited from doing just about anything with location and health data “declared or inferred”.
It seems too good to be true, and my hopes were quashed when I read this piece from Jeffrey Neuburger of the National Law Review:
[…] The bill makes exceptions for health information transfers done lawfully under HIPAA, publication of “newsworthy information of legitimate public concern” under the First Amendment, or disclosure for which the individual provides “valid authorization.” The FTC would be responsible for adapting the HIPAA-related term “valid authorization” to fit the location data context. It is possible that the conspicuous notice and consent processes surrounding the collection and use of the data — as is currently in place in many mobile applications — will suffice.
If all big ideas for protecting privacy come down to the same notice and consent laws that have had mixed results around the world, I do not think we will find ourselves in a better place. Everyone will simply be more irritated by the technology they use while finding few privacy benefits. I understand the value of someone consenting to have information collected and shared, but there needs to be a better model for confirming an opt-in and limitations on its use.
Julia Conley, Common Dreams:
Warren noted that location data has already been used by federal agencies to circumvent the Fourth Amendment by purchasing private data instead of obtaining it via a subpoena or warrant and to out LGBTQ+ people.
I continue to wonder how much of a factor it is that law enforcement and intelligence agencies rely on anti-privacy companies and data brokers as a workaround for more scrutinized legal measures.