Hawai’i Governor David Ige (D) has vetoed HB702 HD1 SD2, which would have restricted the sale of certain location information. The governor explained that the “lack of clarity in this bill as currently drafted will lead to ambiguity, confusion, and unintended consequences should it become law.” He’s right. The legislation read as follows:
“No person shall sell or offer for sale location data that is recorded or collected by a satellite navigation technology equipped device without the explicit consent of the individual who is the primary user of the satellite navigation technology equipped device.”
This sparse language would have created questions like:
- What does “sell” mean?
- What does “offer for sale” mean?
- What is “location data”? Does it include only data that specifically describes a location, such as latitude and longitude, or does it include raw data from which location information can be inferred, such as the SSIDs and strengths of nearby WiFi network signals? Does it include mere location segment information (like “frequent café visitor”)?
- What does “recorded or collected by a … device” mean when an SDK embedded in an app on such a device merely facilitates the collection of such information by a third-party server?
- What is “explicit consent”?
- How can anyone know for sure who the “primary user” of a device is?
*** This is a Security Bloggers Network syndicated blog from Law Across the Wire and Into the Cloud authored by Mason Weisz. Read the original post at: https://blog.zwillgen.com/2019/07/18/geolocation-sale-bill-vetoed-hawaii-governor/