Data Privacy: California AG Announces CCPA Sweep of Location Data Industry

Earlier this month, California Attorney General Rob Bonta announced an enforcement sweep targeting violations of California’s Consumer Privacy Act by the location data industry.  This excerpt from the AG’s announcement summarizes what he’s hunting for – and why:

California Attorney General Rob Bonta today announced an ongoing investigative sweep into the location data industry, sending letters to advertising networks, mobile app providers, and data brokers that appear to be in violation of the California Consumer Privacy Act (CCPA). Some Mobile apps collect vast amounts of detailed data on consumers’ location and share this information with advertising networks and data brokers, which further sell and disseminate the data.

This enforcement sweep focuses on how covered businesses offer and effectuate consumers’ right to stop the sale and sharing of personal information and right to limit the use of their sensitive personal information, which includes geolocation data. The letters issued as part of the sweep announced today notify recipients of a potential violation of CCPA requirements and request additional information regarding the recipient’s business practices. The risk posed by the widespread collection and sale of location data has become immediately and particularly relevant given federal threats to California’s immigrant communities, and to reproductive and gender-affirming healthcare.

The CCPA allows California consumers to direct businesses to only use their sensitive personal information, including location information, for limited purposes, such as providing consumers with the services they requested and to request that businesses stop selling or sharing personal information. Location data is included within the scope of the CCPA, and is particularly sensitive because it can be used to track a person’s movements or to identify them.