In March 2013, a bipartisan group of lawmakers reintroduced companion legislation in the House and Senate which would require businesses to obtain consent from individuals before collecting and sharing their geolocation information.
What’s known as the Geolocation Privacy and Surveillance (GPS) Act aims to criminalize the surreptitious tracking of individuals and require the government to obtain a warrant before collecting geolocation information. The bill’s warrant requirement has been well-received by privacy advocates.
The bill was written by US Representative Jason Chaffertz (R-UT) and US Senator Ron Wyden (D-OR), in response to a January 2012 Supreme Court ruling that law enforcement entities using GPS trackers to monitor vehicle movements without a search warrant violates the Fourth Amendment.
As it’s written, the bill defines “geolocation information” as information derived from a device that is not the content of a communication and “could be used to determine or infer information regarding the location of the person.” This definition is rather broad and could include IP addresses.
In general, however, geolocation data is information generated by electronic devices, including cell phones, Wi-Fi equipped laptops and GPS navigation units, that may be used to determine the location of these devices and thus the owners of the devices.
Geolocation information is used by a variety of companies for legitimate commercial reasons. For instance, cell phone service providers may use such information to route calls to their customers, GPS navigation services use it to help customers avoid getting lost on the road, and various other technology companies use it to provide a wide range of online services.
Although consent takes a central role in the bill, the GPS Act doesn’t specify what kind of consent is required. With a private right of action and minimum statutory damages clause of $10,000 per violation, the GPS Act will almost certainly spark a number of class action suits testing the scope of geolocation information and the adequacy of consent.
What would the GPS Act mean?
At the moment, laws pertaining to geolocation have not kept up with changing technology. Judges in different jurisdictions have issued contradictory rulings about the procedures that law enforcement must follow, and how much evidence is required, in order to obtain individuals’ geolocation data from private companies. This confusion creates problems for law enforcement agencies, private companies and customers.
Essentially, the GPS Act would establish a legal framework providing government agencies, commercial entities and private citizens clear guidelines for when and how geolocation information could be accessed and used.
The bill creates a process by which government agencies can obtain a probable cause warrant to access geolocation information in the same way that they currently get warrants for wiretaps or other types of electronic surveillance.
Additionally, the GPS Act would prohibit businesses from disclosing geographical tracking data about its customers without the customers’ permission.
The GPS Act is primarily modeled after existing federal wiretapping statutes. This approach is based on the perspective that surreptitiously turning and individual’s cell phone into a tracking device without their knowledge has a substantial privacy impact, just like tapping into that person’s phone or searching their house.
While there are a number of similar bills proposed to address such issues, the GPS Act is different because of its comprehensive approach to the problem. The Act establishes clear rules for both law enforcement agencies and private entities that have access to geolocation data, unlike other bills which cover only one or the other. The GPS Act also covers both real-time tracking and access to records of individuals’ past movements in the same way.
This article discusses the Geolocation Privacy and Surveillance (GPS) Act, which was introduced in March 2013. It aims to criminalize the surreptitious tracking of individuals and requires the government to obtain a warrant before collecting geolocation information.
CIPP Exam Preparation
In preparation for the Certified Information Privacy Professional/Information Technology (CIPP/IT) exam, a privacy professional should be comfortable with topics related to this post, including:
- Location-based services – GPS (VI.C.a.)