Rendered at 23:36:37 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
jmward01 42 minutes ago [-]
Given the actual informed and uncoerced choice, people say no to this kind of collection and especially its sale or use for any purpose other than the explicit service they thought they were allowing it for (navigation, setting the time, etc etc). This is true for basically all information collected. I'm glad to see there is some minor protection language being included but it needs to have real teeth and get to the point. If you collect data from me under false pretenses or using coercive methods (you can't use the thing you just paid a lot of money for if you say no) you will not only be fined but criminally prosecuted.
amatecha 9 minutes ago [-]
Completely agreed. Even for people who are like "I have nothing to hide", the only people who think this way are simply unaware of just how much harm can come to them without the protection of privacy (and laws that ensure this)... or they just have no self-preservation instinct, I guess?
danielrmay 2 hours ago [-]
A good start. From 2024: "A company allegedly tracked people’s visits to nearly 600 Planned Parenthood locations across 48 states and provided that data for one of the largest anti-abortion ad campaigns in the nation, according to an investigation" - https://www.politico.com/news/2024/02/13/planned-parenthood-...
giantg2 56 minutes ago [-]
And that's pretty much the most benign use case too.
avarun 31 minutes ago [-]
As long as this is actually about "sale" of data and actually imposes strict limits on data brokers and all the nefarious actors out there, I am all for it.
If it's more similar to the California law, which just calls all uses of data "selling data" and just ends up muddying the waters without actually imposing any regulations of value on the bad actors in the industry, then that would be a shame.
There is value to actually keeping the meaning of words clear and consistent. I have no issues with Google using its first-party Google Maps data to serve me better recommendations. I have massive issues with AT&T selling aggregated geolocation data that makes it easy to identify individuals to third parties. I hope this is a clear path towards banning the latter without touching the former.
peter303 2 hours ago [-]
NYTimes article a few years ago on how car insurance companies were using such data. Tracking sudden stoos, driving at night, driving faster than 80 mph, etc.
codazoda 56 minutes ago [-]
As an aside…
I wonder why “80 mph” was picked as an arbitrary value. In rural areas of Utah we have 80 mph posted limits and prima facie speed laws. A lot of Utah drivers regularly exceed 80 MPH and I’d argue they do so legally. It’s just a weird number for them to pick.
tzs 44 minutes ago [-]
They may be looking at a correlation between speed and claims rather than whether or not the speed is legal. Accidents at 80 mph will tend to be more severe, and possibly also more frequent.
Note that they are also looking at night driving, which as far as I know is legal everywhere, but someone who spends a higher percentage of their time driving at night probably is a bigger risk for the insurance company than a similar person who doesn't drive as much at night.
ang_cire 50 minutes ago [-]
I'd surmise it's because several states (CA comes to the top of mind) set speeds in excess of 80 as a potential felony enhancement.
iirc in CA it's 20mph over the speed limit, or speeds over 80.
The insurance companies probably want to know who to raise rates on.
polski-g 4 minutes ago [-]
It's not arbitrary. In Virginia that's a guaranteed reckless driving charge.
gruez 10 minutes ago [-]
Aren't those collected consensually (and pretty explicitly) as part of insurance programs?
malfist 9 minutes ago [-]
Default opt in by most new cars with cellular connections
Avicebron 1 minutes ago [-]
I wonder what default opt in would be called in other consent contexts..
baranul 2 hours ago [-]
Exactly. Exchanging private and personal user data without consent and without users being aware of it, for their profits.
thephyber 1 hours ago [-]
It’s important to understand that in the USA, data is owned by the collector (eg. The app or SaaS who generated it), not the person who is described by it.
Until this legal regime changes, we will constantly be playing whack-a-mole with laws like this.
Hikikomori 32 minutes ago [-]
That sounds like something Europeans would do, so it's anti american.
charcircuit 1 hours ago [-]
The economy is not 0 sum. Someone else profiting doesn't hurt you.
jsrozner 52 minutes ago [-]
You’re right and wrong: today’s economy is often negative sum from total utility perspective. It hurts society and the person but it helps Mark Suckerberg and Scam Altman and the private equity firms.
It’s positive sum from a wealth-weighted utility calculation though. And that’s why it happens.
markdown 1 hours ago [-]
Seems you missed that part that DOES hurt us:
> Exchanging private and personal user data without consent and without users being aware of it
charcircuit 46 minutes ago [-]
This information allows other companies to make more informed decisions. Other companies making better decisions doesn't "hurt us".
topgrain2 3 minutes ago [-]
Companies’ executives and top investors should let us see their location data then. And open up every part of their internal comms that don’t directly disclose trade secrets. At least the metadata!
It doesn’t hurt them, just lets us make better decisions, after all. There does not exist a good reason they’d object!
blitzar 40 minutes ago [-]
We collect your data, sell it to the highest bidder and sun ourselves on a yacht we bought with the proceeds ... "to help you".
Avicebron 33 minutes ago [-]
And when those "informed decisions" are denying healthcare/insurance/loans/what have you?
dv_dt 2 hours ago [-]
So let's say a Delaware incorporated company sells location data that happens to be collected in Virginia, but its sold from the corporation with no operations in Virginia. What happens? On the other hand us-east-1 is in Virginia with who knows how many payment processing servers running.
b40d-48b2-979e 1 hours ago [-]
The same thing that happens in court cases across state lines. It goes to one of the jurisdictions in a lawsuit unless it qualifies for diversity jurisdiction and goes to a federal court.
thephyber 1 hours ago [-]
Most likely the vendor will make a judgement call about whether they care to comply. If they do want to comply, they will likely exempt all Virginia data from the collected data set and contractually require and downstream user to indemnify them if a Virginia person is affected by their data set.
HoldOnAMinute 58 minutes ago [-]
So, they are collecting geolocation data to avoid selling geolocation data.
BRILLIANT
janalsncm 2 hours ago [-]
Note that this article is from April and the ban went into effect July 1.
erentz 23 minutes ago [-]
What is the rationale for going to the trouble of such a law but only banning sale, rather than all sharing?
Frost1x 10 minutes ago [-]
Good question, I’m curious too. 911 services and cell providers come to mind, as well as subpoenaed data from law enforcement? Perhaps?
Third party commercial entities like cell providers are collecting and sharing it out of necessity but I’m guessing not selling it?
But that opens an interesting loop hole it seems where you could open a share agreement and then through other mechanisms recover the fee you’d otherwise charge for.
Provider A wants to sell data to provider B and provider B wants to buy from provider A but they legally can’t. So instead provider A just tucks the cost in some other unrelated contract with provider B with a wink wink, handshake, nod, their “relationship” then just makes them want to share the data at “no charge.” Both know the fees are tucked in other agreements, although only provider A knows the itemized cost, provider B just wonders if the cost of the other package + their friendship handshake sharing of geolocation data is worth that total cost.
To be fair, until money comes into play people tend to be less nefarious about their uses of information and intentions. Not always, but on average.
polski-g 3 minutes ago [-]
Because the data is very helpful in pricing risk of drivers in insurance premiums. Obviously risky drivers should be charged a higher rate.
macinjosh 6 minutes ago [-]
What a coincidence that northern Virginia is spy central.
raychis 2 hours ago [-]
Honestly, it’s wild that selling people’s precise location data was ever treated like a normal business model.
We already know massive data harvesting has happened. Laws like this are just the bare minimum for catching up.
Would be nice if they could bring in laws that would punish these companies out of existence, but I doubt it.
nickvec 25 minutes ago [-]
Have any other states banned the sale of geolocation data?
petercooper 1 hours ago [-]
I was intrigued, because even a broad location given for an IP address is "geolocation data", but the law says "precise geolocation data" which limits it to device-reported data, I assume.
mathgeek 1 hours ago [-]
It likely fits the definition of precise location data that you can configure on mobile settings (it's a finer grained option you can enable when sharing your location).
kube-system 1 hours ago [-]
Laws typically define terms like this, and this law is no exception.
> "Precise geolocation data" means information derived from technology, including but not limited to global positioning system level latitude and longitude coordinates or other mechanisms, that directly identifies the specific location of a natural person with precision and accuracy within a radius of 1,750 feet. "Precise geolocation data" does not include the content of communications or any data generated by or connected to advanced utility metering infrastructure systems or equipment for use by a utility.
> Virginia follows Maryland and Oregon in banning the sale of geolocation data. Both Maryland and Oregon more broadly define “sale” to mean the exchange of personal data “for monetary or other valuable consideration.” Virginia joins several other states that have recently proposed legislation with similar bans, including California, Massachusetts, Vermont and Washington State. The legislative activity follows regulatory scrutiny on the sale of geolocation data, including the California Attorney General’s investigation into the location data industry in March 2025, and a 2024 FTC settlement banning a data broker from selling geolocation data.
(i could not find a state legislation tracker regarding this type of legislation, please feel free to drop it in a reply if you find one!)
Funny how two states with a large number of elected officials living in them opt for privacy first.
2 hours ago [-]
lysace 51 minutes ago [-]
This is going to spread like wildfire. ("We can do that?")
throwaway85825 42 minutes ago [-]
*except sale to the government?
arcticbison 1 hours ago [-]
[dead]
nekusar 2 hours ago [-]
So, instead you buy a "custom computer", and the data is completely free!
Its like how FLOCK gets around pesky data laws. The devices coat a lot, but the software dashboard access is "Completely free*"
hydrogen7800 2 hours ago [-]
I can't find it so it's probably just a myth, but I recall hearing about "free beer with purchase of food" at bars during prohibition. However, I think it was more than just the sale that was prohibited.
VBprogrammer 2 hours ago [-]
I used to regularly go to a comedy show on the site of an old brewery in Wandsworth. The comedy cost £20 but the beer was free. Apparently the site was the oldest continuous used brewery in Europe and the head brewer decided to keep the record going after the site was sold to a property development company. However, there was a prohibition against competition and licensing issues meaning they couldn't charge for beer.
Cycl0ps 2 hours ago [-]
Raines Law in that late 1800s put restrictions on the sale of alcohol in NY on Sundays. Bartenders used a loophole of the drinks being served with a meal to get around it.
They would make a single sandwich, "serve" it to the patron along with their drink, then immediately take back the sandwich to "serve" it to the next person wanting a drink
I've been to bars that required you to buy a bowl of popcorn or some such in order to abide by their restrictive liquor license which only allowed sale with food.
fastball 2 hours ago [-]
Is that what Flock does?
blitzar 37 minutes ago [-]
I for one am glad to hear they have some standards over there and refuse to profit from exploiting peoples private information.
If it's more similar to the California law, which just calls all uses of data "selling data" and just ends up muddying the waters without actually imposing any regulations of value on the bad actors in the industry, then that would be a shame.
There is value to actually keeping the meaning of words clear and consistent. I have no issues with Google using its first-party Google Maps data to serve me better recommendations. I have massive issues with AT&T selling aggregated geolocation data that makes it easy to identify individuals to third parties. I hope this is a clear path towards banning the latter without touching the former.
I wonder why “80 mph” was picked as an arbitrary value. In rural areas of Utah we have 80 mph posted limits and prima facie speed laws. A lot of Utah drivers regularly exceed 80 MPH and I’d argue they do so legally. It’s just a weird number for them to pick.
Note that they are also looking at night driving, which as far as I know is legal everywhere, but someone who spends a higher percentage of their time driving at night probably is a bigger risk for the insurance company than a similar person who doesn't drive as much at night.
iirc in CA it's 20mph over the speed limit, or speeds over 80.
The insurance companies probably want to know who to raise rates on.
Until this legal regime changes, we will constantly be playing whack-a-mole with laws like this.
It’s positive sum from a wealth-weighted utility calculation though. And that’s why it happens.
> Exchanging private and personal user data without consent and without users being aware of it
It doesn’t hurt them, just lets us make better decisions, after all. There does not exist a good reason they’d object!
BRILLIANT
Third party commercial entities like cell providers are collecting and sharing it out of necessity but I’m guessing not selling it?
But that opens an interesting loop hole it seems where you could open a share agreement and then through other mechanisms recover the fee you’d otherwise charge for.
Provider A wants to sell data to provider B and provider B wants to buy from provider A but they legally can’t. So instead provider A just tucks the cost in some other unrelated contract with provider B with a wink wink, handshake, nod, their “relationship” then just makes them want to share the data at “no charge.” Both know the fees are tucked in other agreements, although only provider A knows the itemized cost, provider B just wonders if the cost of the other package + their friendship handshake sharing of geolocation data is worth that total cost.
To be fair, until money comes into play people tend to be less nefarious about their uses of information and intentions. Not always, but on average.
We already know massive data harvesting has happened. Laws like this are just the bare minimum for catching up.
Would be nice if they could bring in laws that would punish these companies out of existence, but I doubt it.
> "Precise geolocation data" means information derived from technology, including but not limited to global positioning system level latitude and longitude coordinates or other mechanisms, that directly identifies the specific location of a natural person with precision and accuracy within a radius of 1,750 feet. "Precise geolocation data" does not include the content of communications or any data generated by or connected to advanced utility metering infrastructure systems or equipment for use by a utility.
https://law.lis.virginia.gov/vacode/title59.1/chapter53/sect...
Or rather, only worthwhile as a straw-man you can point to and say "Look, we stopped it!" when you know that's false.
> Virginia follows Maryland and Oregon in banning the sale of geolocation data. Both Maryland and Oregon more broadly define “sale” to mean the exchange of personal data “for monetary or other valuable consideration.” Virginia joins several other states that have recently proposed legislation with similar bans, including California, Massachusetts, Vermont and Washington State. The legislative activity follows regulatory scrutiny on the sale of geolocation data, including the California Attorney General’s investigation into the location data industry in March 2025, and a 2024 FTC settlement banning a data broker from selling geolocation data.
(i could not find a state legislation tracker regarding this type of legislation, please feel free to drop it in a reply if you find one!)
Its like how FLOCK gets around pesky data laws. The devices coat a lot, but the software dashboard access is "Completely free*"
They would make a single sandwich, "serve" it to the patron along with their drink, then immediately take back the sandwich to "serve" it to the next person wanting a drink
https://www.atlasobscura.com/articles/raines-sandwich