alt.hn

7/2/2026 at 9:03:45 PM

Virginia bans sale of precise geolocation data

https://www.hunton.com/privacy-and-cybersecurity-law-blog/virginia-bans-sale-of-geolocation-data

by toomuchtodo

7/2/2026 at 9:56:32 PM

So let's say a Delaware incorporated company sells location data that happens to be collected in Virginia, but its sold from the corporation with no operations in Virginia. What happens? On the other hand us-east-1 is in Virginia with who knows how many payment processing servers running.

by dv_dt

7/2/2026 at 10:08:12 PM

The same thing that happens in court cases across state lines. It goes to one of the jurisdictions in a lawsuit unless it qualifies for diversity jurisdiction and goes to a federal court.

by b40d-48b2-979e

7/3/2026 at 5:35:30 AM

Okay I tend to agree with the CivPro analysis here, but the parent was probably more concerned with the result on the merits.

by piker

7/2/2026 at 10:23:22 PM

Most likely the vendor will make a judgement call about whether they care to comply. If they do want to comply, they will likely exempt all Virginia data from the collected data set and contractually require and downstream user to indemnify them if a Virginia person is affected by their data set.

by thephyber

7/2/2026 at 10:38:42 PM

So, they are collecting geolocation data to avoid selling geolocation data.

BRILLIANT

by HoldOnAMinute

7/3/2026 at 1:39:51 AM

from the Youtube kids business, its pretty clear that even when they pretend to not know the details of whos being targeted, they still do, and sell targeted data as such

soo, might as well have the proper details be collected and not sellable, than collected/inferred and still sellable

by 8note

7/3/2026 at 12:31:36 AM

If the Delaware company has zero presence in Virginia then the state of Virginia can't do anything about it.

The presence of us-east-1 in Virginia probably will complicate the matter considerably and I'm guessing it's something the courts would need to sort out.

by spiralpolitik

7/3/2026 at 1:38:04 AM

whoever collected it in virginia, selling it to the delaware company would be screwed though?

by 8note

7/3/2026 at 4:21:51 AM

Yeah, someone is at risk of trafficking the gps data out of Virginia initially.

by bitmasher9

7/3/2026 at 9:22:42 PM

[flagged]

by tomeow

7/3/2026 at 3:20:19 AM

The article is misleading. The sale of geolocation data can still take place but not for precise locations. The bill prevents the sale of data that can identify you within 1750ft. You can still be tracked just not precisely. i.e. companies will just sell fuzzy geolocation data.

by ascotan

7/3/2026 at 4:37:17 AM

Yeesh. Collect enough fuzzy data and you can identify a lot about someone.

by abustamam

7/3/2026 at 12:28:18 PM

Yes. This general problem is known as "k-anonymity". It's worth everyone who works with any sort of personally-identifiable data to read the original paper because the framework they identified is still really helpful for thinking about these issues. https://dataprivacylab.org/dataprivacy/projects/kanonymity/p...

by seanhunter

7/3/2026 at 9:26:37 AM

8 hours in fuzzy spot one, 8 hours in fuzzy spot two, fitting some gaussian distribution, and then a few points at other times, and boom, not anonymous at all.

by titzer

7/3/2026 at 12:54:19 PM

add Cauchy noise, problem solved, right? …right?

by baq

7/3/2026 at 8:12:23 AM

Indeed, I am pretty sure an algorithm exists which both complies with the law and decompiles fuzzy data to 'less fuzzy' data, i.e. identifying data, thus obviating the ban.

by 6LLvveMx2koXfwn

7/3/2026 at 5:14:28 AM

Yeah I don't understand how something like this makes any sense. Just average out the data points and you're going to get pretty much a straight line path of where and what somebody did. Maybe if there's like one data point per week per person, but even that's going to be pretty informative when averaged as to exactly where somebody lives, works, and so on.

by somenameforme

7/3/2026 at 7:36:25 AM

Depends on if the independent events are uncorrelated. For example, if they had to be quantized to a grid of length 1750ft and quantized sufficiently in time as well, it might be impossible to average out since the various data points provide no new information.

by ezwoodland

7/3/2026 at 3:20:43 PM

This is why I posted the k-anonymity paper. A dataset is k-anonymous if using the dataset is is not possible to distinguish a given person in the dataset from k other people. Then we set a value of k we feel comfortable with and from that we can back into the areas which intuitively you would think would need to vary in size based on time of day and how many people travel through each area in the dataset.

It’s a lot of work but this is what you need to do to guarantee a given (non-zero) level of privacy. It can be done if people are serious about it.

by seanhunter

7/3/2026 at 1:43:35 PM

It's a classic legislation move to look like you're doing something in order to shut down public displeasure, while not actually doing anything.

by gwerbin

7/3/2026 at 6:35:37 AM

I assume this depends if 1750ft means the location you can derive from the data (together with other data) or the precision of the individual data point

by breppp

7/3/2026 at 8:45:16 AM

So, the fact that you went to a medical center just not the specific doctors office?

This seems weak.

by datahack

7/3/2026 at 10:42:37 AM

That’s effectively always the point in this fake America (and no, that’s not a recent characteristic), misleading; or more specifically false confession, preemptive narrative control, and a form of poisoning the well.

See, peasants, we passed a bill to stop location data selling and the organs of the state called the mainstream media have triangulated and validated that for you; so now you can stop talking about your location data or that you live in a surveillance state that is inherently legitimizing of this fake American government that is a contradiction to the Constitution and the revolution in every single possible way.

by roysting

7/2/2026 at 9:03:46 PM

Bill: https://lis.virginia.gov/bill-details/20261/SB338/text/SB338

> Virginia follows Maryland and Oregon in banning the sale of geolocation data. Both Maryland and Oregon more broadly define “sale” to mean the exchange of personal data “for monetary or other valuable consideration.” Virginia joins several other states that have recently proposed legislation with similar bans, including California, Massachusetts, Vermont and Washington State. The legislative activity follows regulatory scrutiny on the sale of geolocation data, including the California Attorney General’s investigation into the location data industry in March 2025, and a 2024 FTC settlement banning a data broker from selling geolocation data.

(i could not find a state legislation tracker regarding this type of legislation, please feel free to drop it in a reply if you find one!)

by toomuchtodo

7/2/2026 at 10:02:14 PM

Funny how two states with a large number of elected officials living in them opt for privacy first.

by kevin_thibedeau

7/3/2026 at 12:17:02 AM

In fact, most states have a large number of elected officials in them, especially those elected officials who hold the legislative power of that state.

But if you meant the 500ish elected federal officials, most of whom are not Virginians or Marylanders, and so have neither any influence as voters nor as legislators, then... well I'm still not sure what you mean. Privacy laws are good. I don't see a reason to be cynical.

by cvoss

7/2/2026 at 9:30:43 PM

Note that this article is from April and the ban went into effect July 1.

by janalsncm

7/3/2026 at 9:04:20 AM

Would love if someone with experience could chime in. I've been reading about the geo data market for over two decades now but still have no real sense of its value. What does this data typically cost? And can you specify particular locations/targeting points, or do you just get whatever's available in a broader dataset?

by trentor

7/2/2026 at 10:54:26 PM

Given the actual informed and uncoerced choice, people say no to this kind of collection and especially its sale or use for any purpose other than the explicit service they thought they were allowing it for (navigation, setting the time, etc etc). This is true for basically all information collected. I'm glad to see there is some minor protection language being included but it needs to have real teeth and get to the point. If you collect data from me under false pretenses or using coercive methods (you can't use the thing you just paid a lot of money for if you say no) you will not only be fined but criminally prosecuted.

by jmward01

7/2/2026 at 11:27:41 PM

Completely agreed. Even for people who are like "I have nothing to hide", the only people who think this way are simply unaware of just how much harm can come to them without the protection of privacy (and laws that ensure this)... or they just have no self-preservation instinct, I guess?

by amatecha

7/3/2026 at 12:07:55 AM

So, aside from nothing to hide domestic/family violence and stalking, the fact that they can and will build an inference about you to attempt to influence your choices is fundamentally menacing to every person.

Corporate stalking has become so normalised (and provides so many livings) that we are through the other side.

Half a millennium ago they tried to control us by restricting our access to information to control what we think, now they bombard us with it to control what we think.

by Affric

7/3/2026 at 4:12:13 AM

> or they just have no self-preservation instinct

I actually feel this way very often when talking to some younger people online. I wonder if they really competely lack this skill, or their desire for upvotes online leads to them expressing compassionate, but stupid and dangerous, conclusions.

by dotancohen

7/3/2026 at 5:53:22 AM

They didn’t grow up before all this was completely normal. And before we throw too many stones at them, we should all maybe consider how many of us in this thread contribute to the “attention economy” in one form or another, most of which drives everyone into the corral to have their data collected.

It’s easy to point fingers at young people and treat them as ignorant/not caring about what matters, but they were born into and grew up in the world we built and continue to build.

by Forgeties79

7/3/2026 at 4:11:44 AM

The "I have nothing to hide people" are the reason our privacy rights have eroded.

by xor_589

7/3/2026 at 12:22:02 AM

If I was rich, wouldn't I just pay the fines though? I hear about megacops fined billions of dollars every year for doing this shit they don't give a fuck

Edit: Okay my brain processed the information now, criminal prosecution sounds like slightly more deterrence. (Nobody would do an illegal thing, after all ;)

by andai

7/3/2026 at 12:28:35 AM

Criminal prosecution isn't even an issue because it does not extend to the executives. PG&E somehow keeps paying fines to resolve murder charges.

https://liberationnews.org/pges-rap-sheet-the-criminal-histo...

by dsl

7/3/2026 at 12:48:25 AM

Hence, the alleged action of Luigi Mangione.

If the law of the government doesn't catch up, eventually the law of the jungle will. But maybe not in their lifetimes.

As President John Fitzgerald Kennedy said: "Those who make peaceful revolution impossible, make violent revolution inevitable."

by toss1

7/2/2026 at 11:50:15 PM

What's the limit of coercion?

Can someone provide a product that loudly says "we will sell your geolocation data" on checkout?

Is it coercion if you simply want the product?

by s1artibartfast

7/2/2026 at 11:58:51 PM

Yes. Paying the money the data is worth isn’t coercive, linking some other transaction to selling your location data is.

This includes having a discount larger than what your location data is worth. IE: I’ll sell you this car for 50k, o you want it without location tracking that will be 150k.

by Retric

7/3/2026 at 2:09:34 AM

I think the practice of tying the use of one product to coerce the loss of rights of your private data has some comparables (noted below).

The law seems to recognize that companies coercing someone to give up money using tie-ins may be illegal but is not yet recognizing data as a monetary equivalent. Because it’s not money it’s not regulated.

Isn’t it time that our data be treated as the exchange of value that it is? And the coercion should be something we are protected against?

1. abuse of monopoly power in tie-in sales.

https://www.ftc.gov/advice-guidance/competition-guidance/gui...

2. Freebie marketing

https://en.wikipedia.org/wiki/Razor-and-blades_model

3. RESPA

https://www.investopedia.com/terms/r/real-estate-settlement-...

by rubyfan

7/3/2026 at 12:31:30 AM

If thats the standard, then I suggest people find a less polarizing word with a clearer definition.

Putting the semantics aside, Who decides what it is worth and to whom?

Why wouldn't a company sell a car without geodata for what it is worth? Maybe it is worth 150k to them because that is what some people will pay the maximum return price point for that package?

by s1artibartfast

7/3/2026 at 12:43:33 AM

One of the major things courts do is price stuff, ie how much is a lost leg worth.

The question isn’t what’s the value of not being tracked, the question is what’s tracking data itself is worth. Here what the company actually makes selling the data puts an actual price on what that data is worth.

If you can make 50$/year selling the data and want to pay someone 40$ to be tracked that’s a reasonable transaction, if you want to charge them 1,000$/year not to be tracked than it’s no longer about what the data itself is worth.

by Retric

7/3/2026 at 3:16:14 AM

A court will decide the cost of a leg someone lost in an accident.

However, If Elon wants your leg as a sex toy, a court won't set a price and force you to sell it.

by s1artibartfast

7/3/2026 at 3:39:06 AM

Finding the actual value has nothing to do with forcing the sale.

The point is Elon can’t price Starlink at 1 billion dollars a month then give a 999,999,900 discount if you give up your privacy. At that point the bundle is coercive.

by Retric

7/3/2026 at 5:23:51 AM

I dont think that is coercive. I dont think coercion has anything to do with finding the value. It is "coercive" if he puts a bullet in your brain if you buy neither option.

by s1artibartfast

7/3/2026 at 5:42:02 AM

Legally have “sex with me or lose your job” is considered coercion without any direct threat of force. Sleep with me and I’ll pay you 10k isn’t.

The difference is leveraging something else in the transaction not just payment.

by Retric

7/3/2026 at 5:01:54 PM

By that definition a 150k car clearly isnt. It is obviously payment inside the transaction

by s1artibartfast

7/3/2026 at 12:43:24 AM

There is a valid debate but the example I gave clearly coerced the consumer. They had paid for something with the expectation of use and then were hit with a requirement to give consent after the transaction. We shouldn't let some grey area prevent us from stopping the ongoing harm. One side has clearly been abusing the other. If a law goes just a little to far in favor of the consumer I think we can all agree that is better than letting the consumer be completely abused without protections. You don't let an attacker keep punching their victim because we gotta get the laws perfect to act to stop them. Act and reduce the harm and then adjust to get the balance right.

by jmward01

7/3/2026 at 1:36:53 AM

GDPR does a great job defining this iirc?

gating the product on unrelated data access is coercive

by 8note

7/2/2026 at 11:05:39 PM

As long as this is actually about "sale" of data and actually imposes strict limits on data brokers and all the nefarious actors out there, I am all for it.

If it's more similar to the California law, which just calls all uses of data "selling data" and just ends up muddying the waters without actually imposing any regulations of value on the bad actors in the industry, then that would be a shame.

There is value to actually keeping the meaning of words clear and consistent. I have no issues with Google using its first-party Google Maps data to serve me better recommendations. I have massive issues with AT&T selling aggregated geolocation data that makes it easy to identify individuals to third parties. I hope this is a clear path towards banning the latter without touching the former.

by avarun

7/3/2026 at 6:03:50 AM

To be fair, the reason the CA laws are much more expansive on all uses of data is because companies have tried a number of arrangements to get around the definition of "sale". This was Sephora's defense back in the first CCPA case, that their data sharing relationship in exchange for targeted marketing services was not "selling" data:

https://ccpa.world/enforcement/sephora-sale-of-pi

by jboggan

7/3/2026 at 11:11:03 AM

The biggest issue is that enforcement and litigation is limited to the VA AG. You and I as wronged citizens can't go sue.

That's corny capitalism. A sibling post that talked about 1750 ft or whatever is just noise.

by prasadjoglekar

7/2/2026 at 9:56:41 PM

Honestly, it’s wild that selling people’s precise location data was ever treated like a normal business model.

We already know massive data harvesting has happened. Laws like this are just the bare minimum for catching up.

Would be nice if they could bring in laws that would punish these companies out of existence, but I doubt it.

by raychis

7/2/2026 at 11:13:19 PM

What is the rationale for going to the trouble of such a law but only banning sale, rather than all sharing?

by erentz

7/2/2026 at 11:26:57 PM

Good question, I’m curious too. 911 services and cell providers come to mind, as well as subpoenaed data from law enforcement? Perhaps?

Third party commercial entities like cell providers are collecting and sharing it out of necessity but I’m guessing not selling it?

But that opens an interesting loop hole it seems where you could open a share agreement and then through other mechanisms recover the fee you’d otherwise charge for.

Provider A wants to sell data to provider B and provider B wants to buy from provider A but they legally can’t. So instead provider A just tucks the cost in some other unrelated contract with provider B with a wink wink, handshake, nod, their “relationship” then just makes them want to share the data at “no charge.” Both know the fees are tucked in other agreements, although only provider A knows the itemized cost, provider B just wonders if the cost of the other package + their friendship handshake sharing of geolocation data is worth that total cost.

To be fair, until money comes into play people tend to be less nefarious about their uses of information and intentions. Not always, but on average.

by Frost1x

7/2/2026 at 11:33:35 PM

Because the data is very helpful in pricing risk of drivers in insurance premiums. Obviously risky drivers should be charged a higher rate.

by polski-g

7/3/2026 at 12:19:13 AM

Companies who want to use this data should gather it themselves, and transparently. Insurance companies do this, my dad had a little tracking unit in his car that I assume allowed him to pay a lower rate.

It is not gathering or using the data that is a problem, it is gathering or sharing it without awareness and consent. To be fair, even sharing/selling it would be fine assuming it happens with awareness and consent. Not buried in some ToS, but active consent.

by doginasuit

7/3/2026 at 12:28:40 AM

Unless they're disclosing exactly how the location data is being used to measure driver risk, my assumption is that it's a form of redlining. Filing my racial discrimination lawsuit nnnnnnow.

by underlipton

7/3/2026 at 9:52:51 AM

Cry me a river, insurance companies have managed to do just fine without massive privacy violations and creating a data trough for police and other pigs, ever since car insurance became a thing.

by mschuster91

7/2/2026 at 9:47:36 PM

NYTimes article a few years ago on how car insurance companies were using such data. Tracking sudden stoos, driving at night, driving faster than 80 mph, etc.

by peter303

7/2/2026 at 10:40:38 PM

As an aside…

I wonder why “80 mph” was picked as an arbitrary value. In rural areas of Utah we have 80 mph posted limits and prima facie speed laws. A lot of Utah drivers regularly exceed 80 MPH and I’d argue they do so legally. It’s just a weird number for them to pick.

by codazoda

7/2/2026 at 10:52:54 PM

They may be looking at a correlation between speed and claims rather than whether or not the speed is legal. Accidents at 80 mph will tend to be more severe, and possibly also more frequent.

Note that they are also looking at night driving, which as far as I know is legal everywhere, but someone who spends a higher percentage of their time driving at night probably is a bigger risk for the insurance company than a similar person who doesn't drive as much at night.

by tzs

7/2/2026 at 10:46:40 PM

I'd surmise it's because several states (CA comes to the top of mind) set speeds in excess of 80 as a potential felony enhancement.

iirc in CA it's 20mph over the speed limit, or speeds over 80.

The insurance companies probably want to know who to raise rates on.

by ang_cire

7/3/2026 at 1:37:39 AM

Which is crazy because when I do 80 in Mostly PA and NJ I am getting passed constantly.

by dexterdog

7/3/2026 at 3:15:53 AM

I just looked and both PA and NJ, have way below natl average car accident deaths per 100K drivers, even if death in over speeding seems to be a a significant contributing factor to overall rates.

Interesting to me. I wonder what are they doing right.

by dlev_pika

7/3/2026 at 1:59:36 AM

It's not arbitrary, there are limits of physics to how fast you can slow down on rubber wheels no matter how good your brakes are. The stopping distance starts to grow dramatically around these speeds.

by smalltorch

7/3/2026 at 1:41:23 AM

Even it it's legal, it's probably less safe. Insurance companies care about your likelihood of being in an accident that they will have to pay for, not strictly whether your driving is legal.

by SoftTalker

7/3/2026 at 1:42:53 AM

people that drive on those high speed roads are more likely to be involved in more dangerous/harmful collisions?

legally and unlikely-to-make-expensive-consequences are separate items that insurance exists to differentiate

why shouldnt people driving on such dangerous roads have to pay higher insurance rates?

by 8note

7/2/2026 at 11:32:19 PM

It's not arbitrary. In Virginia that's a guaranteed reckless driving charge.

by polski-g

7/3/2026 at 12:29:57 AM

Texas: we set the speed limit at 85.

by pixl97

7/3/2026 at 10:04:09 AM

Meanwhile Germany: that's the target speed you should aim for, but if you want to drive faster, you absolutely can.

by mschuster91

7/3/2026 at 1:34:08 AM

Not anymore. It got moved to 85 because speed limit on interstates moved to 70.

by stackskipton

7/3/2026 at 2:01:45 AM

How do one know this? I don't know where to get this information and whether to trust it.

by rirze

7/3/2026 at 2:03:01 AM

In jurisdictions where 65MPH is the highway speed limit, 80MPH is usually the "reckless driving" threshold. And in Virginia, reckless driving is a felony misdemeanor.

by moron4hire

7/2/2026 at 9:57:57 PM

Exactly. Exchanging private and personal user data without consent and without users being aware of it, for their profits.

by baranul

7/2/2026 at 10:19:03 PM

It’s important to understand that in the USA, data is owned by the collector (eg. The app or SaaS who generated it), not the person who is described by it.

Until this legal regime changes, we will constantly be playing whack-a-mole with laws like this.

by thephyber

7/2/2026 at 11:04:11 PM

That sounds like something Europeans would do, so it's anti american.

by Hikikomori

7/3/2026 at 4:42:18 AM

In Europe, who owns the copyright of a photograph? The subject or the photographer?

by dotancohen

7/3/2026 at 10:57:53 AM

If a company writes down my personal information do they now own it?

by Hikikomori

7/2/2026 at 10:30:32 PM

The economy is not 0 sum. Someone else profiting doesn't hurt you.

by charcircuit

7/2/2026 at 10:44:27 PM

You’re right and wrong: today’s economy is often negative sum from total utility perspective. It hurts society and the person but it helps Mark Suckerberg and Scam Altman and the private equity firms.

It’s positive sum from a wealth-weighted utility calculation though. And that’s why it happens.

by jsrozner

7/2/2026 at 10:35:41 PM

Seems you missed that part that DOES hurt us:

> Exchanging private and personal user data without consent and without users being aware of it

by markdown

7/2/2026 at 10:50:56 PM

This information allows other companies to make more informed decisions. Other companies making better decisions doesn't "hurt us".

by charcircuit

7/2/2026 at 11:33:21 PM

Companies’ executives and top investors should let us see their location data then. And open up every part of their internal comms that don’t directly disclose trade secrets. At least the metadata!

It doesn’t hurt them, just lets us make better decisions, after all. There does not exist a good reason they’d object!

by topgrain2

7/3/2026 at 12:07:51 AM

You can buy it from a data broker. They aren't obligated to give you this data for free.

by charcircuit

7/2/2026 at 10:56:15 PM

We collect your data, sell it to the highest bidder and sun ourselves on a yacht we bought with the proceeds ... "to help you".

by blitzar

7/2/2026 at 11:03:32 PM

And when those "informed decisions" are denying healthcare/insurance/loans/what have you?

by Avicebron

7/3/2026 at 1:17:04 AM

I personally see it as similar to fraud if you are deliberately hiding a piece of information that makes you riskier to insure or loan money to. In order to accurately assess risk you need personalized data. So I see this as being a more fair deal.

It's like when the internet made it possible to look up the price of good easily how it made it less likely for buyers to be able to lowball people. These price guides may be bad for these buyers, but it provides a more fair deal for these seller.

by charcircuit

7/3/2026 at 3:06:34 AM

I agree. If someone is found to be employed by a data broker, for example, they should be uninsurable and should not receive loans.

by iamnothere

7/3/2026 at 12:22:42 AM

More informed decision to raise revenue. Is that necessarily helping us? When you say its not affecting us, us as who? Just sounds like a karma farmer.

by steve_j_choi

7/2/2026 at 11:26:10 PM

Aren't those collected consensually (and pretty explicitly) as part of insurance programs?

by gruez

7/2/2026 at 11:28:09 PM

Default opt in by most new cars with cellular connections

by malfist

7/2/2026 at 11:35:37 PM

I wonder what default opt in would be called in other consent contexts..

by Avicebron

7/2/2026 at 11:49:49 PM

So, opt out?

by askvictor

7/2/2026 at 9:58:03 PM

A good start. From 2024: "A company allegedly tracked people’s visits to nearly 600 Planned Parenthood locations across 48 states and provided that data for one of the largest anti-abortion ad campaigns in the nation, according to an investigation" - https://www.politico.com/news/2024/02/13/planned-parenthood-...

by danielrmay

7/2/2026 at 10:40:13 PM

And that's pretty much the most benign use case too.

by giantg2

7/3/2026 at 1:11:57 AM

As someone who works in a space where we buy ads, I love things like this. Data points like this just shouldn't be on the table for sale. Just makes sure that we don't depend on best intentions alone to make sure we protect people. A step in the right direction.

by joshawash

7/2/2026 at 10:15:19 PM

I was intrigued, because even a broad location given for an IP address is "geolocation data", but the law says "precise geolocation data" which limits it to device-reported data, I assume.

by petercooper

7/2/2026 at 10:18:32 PM

It likely fits the definition of precise location data that you can configure on mobile settings (it's a finer grained option you can enable when sharing your location).

by mathgeek

7/2/2026 at 10:30:37 PM

Laws typically define terms like this, and this law is no exception.

> "Precise geolocation data" means information derived from technology, including but not limited to global positioning system level latitude and longitude coordinates or other mechanisms, that directly identifies the specific location of a natural person with precision and accuracy within a radius of 1,750 feet. "Precise geolocation data" does not include the content of communications or any data generated by or connected to advanced utility metering infrastructure systems or equipment for use by a utility.

https://law.lis.virginia.gov/vacode/title59.1/chapter53/sect...

by kube-system

7/3/2026 at 2:08:39 AM

>"Precise geolocation data" does not include the content of communications or any data generated by or connected to advanced utility metering infrastructure systems or equipment for use by a utility.

What exactly does this mean?

by smalltorch

7/3/2026 at 2:47:17 AM

Smart meters. https://en.wikipedia.org/wiki/Smart_meter

by wizzwizz4

7/3/2026 at 3:06:41 AM

Just wondering why that would be relavant to exclude

by smalltorch

7/3/2026 at 5:14:17 AM

My guess is that these devices are stationary, so their location is known.

by dotancohen

7/2/2026 at 10:52:16 PM

Yep, definitely fits with plenty of space. Thanks for confirming.

by mathgeek

7/2/2026 at 10:37:30 PM

I'm sure any coordinates would do. So long as it's not "behind the maple tree that stands across the road from Ross Dress for Less"

by markdown

7/3/2026 at 2:31:40 PM

Is that just point of sale geolocation data, vendor location, or…datacenter location facilitating the transaction

by ricksunny

7/3/2026 at 2:26:24 AM

So, what sort of gymnastics do alpr companies need to play to defend their activities don't break this new ban?

My puny brain can't understand why it wouldn't be relevant. Or is it?

by smalltorch

7/2/2026 at 11:11:23 PM

Have any other states banned the sale of geolocation data?

by nickvec

7/3/2026 at 3:32:52 AM

Why not make selling any personal data illegal in the entire country?

by emsign

7/2/2026 at 10:53:30 PM

Great, now you have to ban sharing of it, or banning sale is worthless.

Or rather, only worthwhile as a straw-man you can point to and say "Look, we stopped it!" when you know that's false.

by heroprotagonist

7/3/2026 at 5:17:36 AM

I am intrigued as an outsider, that state in US can have much stronger authority to restrict sale of such personal data.

by pineapple_opus

7/3/2026 at 6:03:28 AM

The thing to remember about US states is that conceptually they are countries bound together in a Federation. There's a crap ton of complicated rules, but generally your state has a lot more power over your life than the US Federal Government does.

by geonineties

7/3/2026 at 9:24:48 AM

I didn't read the law but the article referred to it as "personal data". It's important to note that Big Tech believes it can "anonymize" fine-grained location data but just stripping PII and assigning a semi-stable random ID. They'll then argue this law doesn't apply because of that.

That's absolute crap because geolocation data is extremely easy to de-anonymize. I wonder whose phone is at my house 12am-8am everyday, takes more or less the same route through the city, and spends hours in my office everyday. I wonder.

by titzer

7/2/2026 at 11:38:25 PM

This is an actually great move.

by CodeByBryant

7/3/2026 at 8:01:13 AM

They are a bit confused in the USA. For instance, flock cameras are used as mass spying tool. That also yields geolocation data. And also bypasses (parts of) the amendment. There is a lack of consistency here.

by shevy-java

7/3/2026 at 3:09:17 AM

“ Virginia follows Maryland and Oregon in banning the sale of geolocation data. Both Maryland and Oregon more broadly define “sale” to mean the exchange of personal data “for monetary or other valuable consideration.”

I didn’t know this, but I am glad my State already had this! We do some things right.

by dlev_pika

7/3/2026 at 12:58:19 AM

As someone who frequently travels to Virginia, this is great news.

by gulugawa

7/3/2026 at 12:56:47 AM

What I find confusing is that I know an infinite plethora of companies have geolocation data in everyone.... But I look at my fairly-stock Pixel phone and the only things with background geolocation permissions are Google apps, and I know google famously hoards that data like a dragon.

Is it just that people are happily allowing every app access to live geoloc data even in background? Is there some edge where "while in use" apps are "in use" during cases you wouldn't think they are? Is it my Samsung watch?

by Pxtl

7/3/2026 at 2:20:57 AM

The cellular companies themselves are a source for this, as they don't even need GPS or app permissions to triangulate your rough location.

Apps that have access to look for networks can also be used to infer location. E.g., combine multiple known WiFi SSIDs or Bluetooth devices together and you can get a rough location.

Also, most people just hit "accept" for a whole bunch of app permissions and just forget about it. The fact that you even know which apps have which permissions at all means you are almost certainly more careful than the average person, even though you are saying this in the context of a stock Pixel phone.

And, oh yeah, most people have much more invasive Android phone brands than Pixel...cheap phones with a bunch of carrier/advertising partner spyware sell far better than Google's phones. Does Samsung still install the Facebook app by default like they used to? I think it used to be impossible to fully delete, even!

by Grombobulous

7/2/2026 at 11:59:08 PM

That's a step into the right direction. I can only imagine how much pain has been inflicted with metadata.

by bflesch

7/2/2026 at 11:53:31 PM

I cant wait for the feds to sue them for.. something

by deaton

7/2/2026 at 10:45:29 PM

This is going to spread like wildfire. ("We can do that?")

by lysace

7/2/2026 at 11:30:37 PM

What a coincidence that northern Virginia is spy central.

by macinjosh

7/2/2026 at 10:54:22 PM

*except sale to the government?

by throwaway85825

7/2/2026 at 10:35:46 PM

[dead]

by arcticbison

7/3/2026 at 1:17:33 AM

[flagged]

by Slovian

7/3/2026 at 9:22:39 PM

[flagged]

by tomeow

7/2/2026 at 9:38:47 PM

So, instead you buy a "custom computer", and the data is completely free!

Its like how FLOCK gets around pesky data laws. The devices coat a lot, but the software dashboard access is "Completely free*"

by nekusar

7/2/2026 at 9:47:17 PM

I can't find it so it's probably just a myth, but I recall hearing about "free beer with purchase of food" at bars during prohibition. However, I think it was more than just the sale that was prohibited.

by hydrogen7800

7/2/2026 at 9:53:59 PM

I used to regularly go to a comedy show on the site of an old brewery in Wandsworth. The comedy cost £20 but the beer was free. Apparently the site was the oldest continuous used brewery in Europe and the head brewer decided to keep the record going after the site was sold to a property development company. However, there was a prohibition against competition and licensing issues meaning they couldn't charge for beer.

by VBprogrammer

7/2/2026 at 9:49:23 PM

I've been to bars that required you to buy a bowl of popcorn or some such in order to abide by their restrictive liquor license which only allowed sale with food.

by colechristensen

7/3/2026 at 12:15:46 AM

There was a situation like this in DC for cannabis. There was a ballot measure passed that legalized recreational use and gifting but selling weed was still illegal. So there were lots of “gifting” shops where they would sell things like stickers or t-shirts and then offer you a “free gift” of cannabis. It was sort of tolerated for a little while but the authorities started cracking down and required them to get licensed for medical maraijuana sales. [1]

0: https://en.wikipedia.org/wiki/2014_Washington,_D.C.,_Initiat...

1: https://mjbizdaily.com/news/district-of-columbia-dc-gifting-...

by pimlottc

7/2/2026 at 9:57:35 PM

Raines Law in that late 1800s put restrictions on the sale of alcohol in NY on Sundays. Bartenders used a loophole of the drinks being served with a meal to get around it.

They would make a single sandwich, "serve" it to the patron along with their drink, then immediately take back the sandwich to "serve" it to the next person wanting a drink

https://www.atlasobscura.com/articles/raines-sandwich

by Cycl0ps

7/2/2026 at 9:43:12 PM

Is that what Flock does?

by fastball

7/2/2026 at 10:59:22 PM

I for one am glad to hear they have some standards over there and refuse to profit from exploiting peoples private information.

by blitzar