TrustArc Blog

NYC Proposes Telecom and Mobile App Geolocation Sharing Prohibition

August 19, 2019

The New York City Council has put forth a proposal to prohibit the sharing of a customer’s location data by telecommunications carriers and mobile application (app) developers.  According to Int. 1632-2019, introduced by the Council and referred to committee on July 23, 2019, the administrative code of New York City (NYC) would be amended to render unlawful such entities’ sharing of a customer’s location “where such data was collected while the customer’s mobile communications device were physically present in the city.”

The term “location data” is defined without specificity as to the level of location preciseness as information related to the physical or geographical location of a person or the person’s mobile communications device, “regardless of the technological method used to obtain this information.” This suggests, then, that the level of abstraction could include geolocation data derived potentially via IP address, WiFi triangulation, GPS signals, cellular data information, beacons and more. The bill exempts from the sharing prohibition instances where location data is shared in order to provide a service explicitly requested by the customer, or where location data is “shared in exchange for products or services,” potentially leaving the door open for location sharing or selling as part of a loyalty program, for instance.

The Department of Information Technology and Telecommunications (DITT) would be the enforcement body for the law, which provides for a $1,000 civic penalty for each violation, capped at $10,000 per day per person for multiple violations. The bill also affords a private right of action to customers whose location data were shared in violation of the law, with a court of competent jurisdiction being able to award actual damages at the same levels as the DITT, plus reasonable attorney’s fees. The DITT is empowered to promulgate rules to further administer the law, which would take effect 120 days after becoming law.

See full article here.

This update was provided by the TrustArc Privacy Intelligence News and Insights Service, part of the TrustArc Platform. To learn how you can get full access to the daily newsfeed, contact us today!