By: Lisa Vaas of Naked Security
The US state of Illinois is poised to pass a law that makes it illegal to track a phone’s location without the owner’s consent.
The law, the Geolocation Privacy Protection Act (HB3449), was passed in both houses of the state legislature last week. It’s now on the desk of Governor Bruce Rauner, ready to be signed into law.
The bill will make it illegal for a company to track a person’s geolocation without first getting permission. It sets criminal penalties and damages of at least $1,000, plus attorney’s fees and court costs, for working out a person’s whereabouts from their device without permission.
‘Geolocation information’ means information that: (i) is not the contents of a communication; (ii) is generated by or derived from, in whole or in part, the operation of a mobile device, including, but not limited to, a smart phone, tablet, or laptop computer; and (iii) is sufficient to determine or infer the precise location of that device.
IP addresses aren’t covered by the bill. It also includes exceptions for finding a missing child or to enable emergency responders to locate somebody. Breaking the new law will be considered a violation of the Consumer Fraud and Deceptive Business Practices Act.
Some question whether the bill will have any real-world impact, given that most devices, apps and websites now ask people for permission before they use location data.
True, and good for their developers. But there’ve been plenty of times when that permission wasn’t sought or granted, yet still our locations have been tracked. There are other times when our locations have been shared without our permission simply because some developer along the line introduced location-sharing by accident.