A good start. From 2024: "A company allegedly tracked people’s visits to nearly 600 Planned Parenthood locations across 48 states and provided that data for one of the largest anti-abortion ad campaigns in the nation, according to an investigation" - https://www.politico.com/news/2024/02/13/planned-parenthood-...
So let's say a Delaware incorporated company sells location data that happens to be collected in Virginia, but its sold from the corporation with no operations in Virginia. What happens? On the other hand us-east-1 is in Virginia with who knows how many payment processing servers running.
NYTimes article a few years ago on how car insurance companies were using such data. Tracking sudden stoos, driving at night, driving faster than 80 mph, etc.
Note that this article is from April and the ban went into effect July 1.
As long as this is actually about "sale" of data and actually imposes strict limits on data brokers and all the nefarious actors out there, I am all for it.
If it's more similar to the California law, which just calls all uses of data "selling data" and just ends up muddying the waters without actually imposing any regulations of value on the bad actors in the industry, then that would be a shame.
There is value to actually keeping the meaning of words clear and consistent. I have no issues with Google using its first-party Google Maps data to serve me better recommendations. I have massive issues with AT&T selling aggregated geolocation data that makes it easy to identify individuals to third parties. I hope this is a clear path towards banning the latter without touching the former.
So, what sort of gymnastics do alpr companies need to play to defend their activities don't break this new ban?
My puny brain can't understand why it wouldn't be relevant. Or is it?
What is the rationale for going to the trouble of such a law but only banning sale, rather than all sharing?
“ Virginia follows Maryland and Oregon in banning the sale of geolocation data. Both Maryland and Oregon more broadly define “sale” to mean the exchange of personal data “for monetary or other valuable consideration.”
I didn’t know this, but I am glad my State already had this! We do some things right.
Honestly, it’s wild that selling people’s precise location data was ever treated like a normal business model.
We already know massive data harvesting has happened. Laws like this are just the bare minimum for catching up.
Would be nice if they could bring in laws that would punish these companies out of existence, but I doubt it.
As someone who works in a space where we buy ads, I love things like this. Data points like this just shouldn't be on the table for sale. Just makes sure that we don't depend on best intentions alone to make sure we protect people. A step in the right direction.
I was intrigued, because even a broad location given for an IP address is "geolocation data", but the law says "precise geolocation data" which limits it to device-reported data, I assume.
Have any other states banned the sale of geolocation data?
Great, now you have to ban sharing of it, or banning sale is worthless.
Or rather, only worthwhile as a straw-man you can point to and say "Look, we stopped it!" when you know that's false.
Bill: https://lis.virginia.gov/bill-details/20261/SB338/text/SB338
> Virginia follows Maryland and Oregon in banning the sale of geolocation data. Both Maryland and Oregon more broadly define “sale” to mean the exchange of personal data “for monetary or other valuable consideration.” Virginia joins several other states that have recently proposed legislation with similar bans, including California, Massachusetts, Vermont and Washington State. The legislative activity follows regulatory scrutiny on the sale of geolocation data, including the California Attorney General’s investigation into the location data industry in March 2025, and a 2024 FTC settlement banning a data broker from selling geolocation data.
(i could not find a state legislation tracker regarding this type of legislation, please feel free to drop it in a reply if you find one!)
This is an actually great move.
As someone who frequently travels to Virginia, this is great news.
What I find confusing is that I know an infinite plethora of companies have geolocation data in everyone.... But I look at my fairly-stock Pixel phone and the only things with background geolocation permissions are Google apps, and I know google famously hoards that data like a dragon.
Is it just that people are happily allowing every app access to live geoloc data even in background? Is there some edge where "while in use" apps are "in use" during cases you wouldn't think they are? Is it my Samsung watch?
That's a step into the right direction. I can only imagine how much pain has been inflicted with metadata.
I cant wait for the feds to sue them for.. something
What a coincidence that northern Virginia is spy central.
This is going to spread like wildfire. ("We can do that?")
*except sale to the government?
[flagged]
[dead]
So, instead you buy a "custom computer", and the data is completely free!
Its like how FLOCK gets around pesky data laws. The devices coat a lot, but the software dashboard access is "Completely free*"
Given the actual informed and uncoerced choice, people say no to this kind of collection and especially its sale or use for any purpose other than the explicit service they thought they were allowing it for (navigation, setting the time, etc etc). This is true for basically all information collected. I'm glad to see there is some minor protection language being included but it needs to have real teeth and get to the point. If you collect data from me under false pretenses or using coercive methods (you can't use the thing you just paid a lot of money for if you say no) you will not only be fined but criminally prosecuted.