Sen. Al Franken (D-Minn.) and Richard Blumenthal (D-Conn.) today introduced the Location Privacy Protection Act, which would require that companies obtain users' consent before collecting location data or sharing the information with third parties. Advocacy groups including the Center for Democracy and Technology, Consumer's Union and Consumer Action back the measure.
Critically, the act provides for damages of at least $2,500 per violation. For that reason alone, it could cause companies that engage in location tracking to reevaluate their procedures. Currently, when consumers sue for privacy violations they often have a hard time establishing that they suffered any economic injury. But when a statute provides for monetary damages, it's easier for consumers to sue.
Additionally, security researchers recently reported that smartphones and other devices collect extensive data about their owners' whereabouts. iPhones and iPads store that information on a "consolidated.db" file contained in the devices. Soon after that report, Apple said it planned to release a software update that will delete the cache file in users' devices if they turn off location services.
Androids also reportedly store location data in unencrypted files on devices and send the information back to Google. Google has said that any location data it gathers is anonymous, and that it only collects information from users who have consented. Google says that the first time Android users access location services through the set-up wizard, they are shown a screen with a pre-checked box consenting to the company's collection of the data. People who don't affirmatively opt out are deemed to have consented to the data collection; if people never go through the set-up wizard, Google doesn't gather location information.