Location Privacy Protection Act

Guest Article By Sonya Ziaja.

Ms. Ziaja is a regular contributer to Legal Match’s Law Blog and to Shark. Laser. Blawg

Senator Al Fraken proposed a consumer privacy geolocation bill (the Location Privacy Protection Act) earlier this term.

Unlike the bipartisan GPS Act, the bill does not attempt to grapple the Fourth Amendment question of whether law enforcement should be required to obtain a warrant before surreptitiously tracking citizens.

Rather, Franken’s bill concentrates on curbing the ability of corporations, non-government entities, and private individuals to collect and use information about where you are—or where you’ve been.

The Location Privacy Protection Act seeks to protect consumer privacy by making it presumptively illegal for non-government entities to collect your geolocation information. There are, of course, exceptions to this proposed rule. The first exception is consent. Individuals could “opt-in” to being tracked. The other main exception is for safety in emergency situations.

In order to enforce the protections in the bills, the Location Privacy Protection Act creates a private right to civil action. Individuals and State Attorney Generals could sue entities that violate the act for equitable relief as well as for statutory damages. In order to bring a suit, potential damages would have to be beyond a $2,500 threshold—in other words, the minimum amount to get out small claims courts. Successful plaintiffs would also be eligible for punitive damages and other equitable damages that the court finds appropriate.

The statute of limitation in the Location Privacy and Protection Act is modest. It is two years from the time the victim actually learned that the violation had taken place. This limitation is fair in that it serves to protect corporations from unanticipated lawsuits, and at the same time gives plaintiffs a fighting chance to pursue a claim. It is also notably different from the statue of limitations in the GPS Act which sets the two-year clock running from the time the victim could have reasonably known that the violation had taken place.

In total, the bill appears to be a fair attempt to protect consumer privacy and bring some certainty to how geolocation information can be used throughout the country.

Currently consumer geolocation information is governed by the privacy policies of companies and a patchwork of various state laws. There are also a few state court cases which are beginning to define the parameters of consumer geolocation privacy with regards to other private individuals and entities (as opposed to law enforcement). This year, for example, the California Supreme Court broadly interpreted the California Credit Card Act to prohibit companies from collecting and compiling zipcode information from costumers. (Pineda v. Williams-Sonoma, S178241 (Cal. Supreme Court; Feb. 10, 2011)). The court decision leaves open the possibility that the California Credit Card Act might also protect other information used to identify individuals, like geolocation data.