For those who haven’t seen the film “2000 Mules” yet, the investigators and filmmaker Dinesh D’Souza used cell phone data to map out the 2020 Presidential election. Having been highly contested and with some believing the Democrats helped rig the election, the data presented in the film showed how many drop boxes were visited by the same people numerous times. While the film has made its rounds on social media, the mainstream media has refused to discuss or promote it. But on June 15, Democratic Senator Elizabeth Warren introduced a bill called the “Health and Location Data Protection Act of 2022” aimed at banning the selling, sharing, or transferring of location data and health data.
Giving the Federal Trade Commission permission to enforce the new regulations, D’Souza, in the video below, discussed the new bill and how the Democrats claim it has to do with Roe v. Wade. “Senator Elizabeth Warren has proposed a new bill. And you’re gonna chuckle when you hear this. It’s a bill to ban, a sweeping ban, on cell phone geolocation and health data sales. Now, let’s look at this a little more closely. Supposedly, this is all tied, not so much to 2000 Mules, but it’s tied to Roe v. Wade. So the article, which is from The Verge, says, ‘as the Supreme Court’s expected decision to overturn Roe v Wade looms, Senator Elizabeth Warren has announced sweeping legislation to ban the sale of location and health data.’ Now, this is a bill that’s apparently co-sponsored by Bernie Sanders and Ron Wyden. And here’s what it does. It bars, quote, ‘data brokers from selling or transferring location data and health data.’ There are few limitations making the bill one of the strongest proposals aimed at regulating data sales.”
According to the National Law Review, the Health and Location Data Protection Act of 2022 included the following restriction:
- Definition of “Data Broker”: The bill defines a data broker as a person that collects, buys, licenses, or infers data about individuals and then sells, licenses, or trades that data. Thus, an app publisher that collects Location Data would be considered to be a Data Broker under this bill. This is a more expansive view of what a data broker is as compared to the current state laws addressing data brokers. See e.g., Civ. Code § 1798.99. 80(d) (California’s data broker registration law defines “data broker” as: “a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship”).
- Prohibition and Exceptions: The bill would make it unlawful for a data broker to “sell, resell, license, trade, transfer, share, or otherwise provide or make available” location data or health data (or categories of such data as the FTC may identify). The bill makes exceptions for health information transfers done lawfully under HIPAA, publication of “newsworthy information of legitimate public concern” under the First Amendment, or disclosure for which the individual provides “valid authorization.” The FTC would be responsible for adapting the HIPAA-related term “valid authorization” to fit the location data context. It is possible that the conspicuous notice and consent processes surrounding the collection and use of the data – as is currently in place in many mobile applications – will suffice.
- Enforcement: The bill empowers the FTC, state attorneys general, and injured persons to sue to enforce the provisions of the law. With regard to the FTC, the text states that a violation of the law would be deemed an unfair or deceptive practice under the FTC Act and specifically allows the FTC to pursue injunctive relief, deletion of data, and obtain civil penalties (as defined under the bill). The private right of action in the bill would give “any person whose interest has been or is threatened or adversely affected by the engagement of any data broker” to seek injunctive relief, deletion of data, monetary damages, and attorney’s fees.
- Definition of “Data” and “Location Data”: “Data” includes “information that is linked, or reasonably linked to specific individuals, or specific groups of individuals who share the same place of residence or internet protocol address.” The term “location data” is defined as “data capable of determining the past or present physical location of an individual or an individual’s device” (note: the bill does not make a distinction between geolocation data and precise geolocation data). It would be interesting to see how the term “reasonably linked” in the definition of “data” would be interpreted, as location data is often anonymized before it is packaged and sold (yet, in some instances, may theoretically still be able to be de-anonymized). To the extent a mobile app that collects locational data aggregates it before transferring it to a third party, it may be outside the scope of the act.
The opinions expressed by contributors and/or content partners are their own and do not necessarily reflect the views of Red Voice Media. Contact us for guidelines on submitting your own commentary.