If signed, companies would be required to inform users of how they’re using the location data they collect, if the users decides to share it. Companies who don’t adhere would be in violation of the Consumer Fraud and Deceptive Business Practices Act and would face criminal penalties and damages of at least $1,0. There are a few exceptions to the law. For instance, private entities can collect geolocation data without consent if the information will help parents find missing children or aid firefighters, police, or medical professionals. The new law might not have a huge real- world impact, given that most devices and apps already ask people for permission before they start using location data. But this might encourage more tech companies and app developers to give users the option to opt out of being tracked.
There have been plenty of times in the past when companies have faced repercussions for tracking users without their consent. For instance, Apple and Uber have been sued for allegedly tracking un- notified users. Ari Scharg, director of the Digital Privacy Alliance (DPA), told Gizmodo that the organization has done reports on the apps Selfie. Rate Selfie Pic Hot Or Not, which give developers precise GPS coordinates whenever a person uploads a photo.“When a person is just browsing through the photos to rate them, if they were intercepting the backend traffic, they would be able to get the GPS coordinates of each person they viewed,” Scharg said. The state’s Biometric Information Privacy Act prohibits tech companies from using biometric identifiers—like face scans and fingerprints—without consent.
Their Right To Know Act—which passed in May, but was put on hold—requires companies such as Facebook, Amazon, and Google to disclose what data has been collected from consumers and shared with third parties.