Bill Text: NJ A2489 | 2020-2021 | Regular Session | Introduced


Bill Title: Prohibits commercial mobile service providers and mobile application developers from disclosing customer's location data to third parties.

Spectrum: Partisan Bill (Democrat 2-0)

Status: (Introduced - Dead) 2020-03-05 - Combined with A2340 (ACS) [A2489 Detail]

Download: New_Jersey-2020-A2489-Introduced.html

ASSEMBLY, No. 2489

STATE OF NEW JERSEY

219th LEGISLATURE

 

INTRODUCED FEBRUARY 3, 2020

 


 

Sponsored by:

Assemblywoman  ANNETTE QUIJANO

District 20 (Union)

 

 

 

 

SYNOPSIS

     Prohibits commercial mobile service providers and mobile application developers from disclosing customer's location data to third parties.

 

CURRENT VERSION OF TEXT

     As introduced.

  


An Act concerning commercial mobile service providers and mobile application developers and supplementing Title 56 of the Revised Statutes.

 

     Be It Enacted by the Senate and General Assembly of the State of New Jersey:

 

     1.    As used in P.L.    , c.    (C.        ) (pending before the Legislature as this bill):

     "Authorized use" means the disclosing of a customer's location data: for the purpose of providing a service explicitly requested by that customer; exclusively for the purpose of providing a service explicitly requested by that customer; and where that data is not collected, disclosed, stored, or otherwise used by a third party for any purpose other than providing a service explicitly requested by that customer.  "Authorized use" shall not include any instance in which a customer's location data is disclosed in exchange for products or services.

     "Commercial mobile service" means a type of mobile telecommunications service as defined in subsection (d) of section 332 of the Communications Act of 1934 (47 U.S.C. s.332(d)).

     "Commercial mobile service provider" means an individual, proprietorship, partnership, corporation, association, or other legal entity that provides commercial mobile service on a mobile device.

     "Customer" means a current or former customer of a commercial mobile service provider or a current or former user of a mobile application.

     "Disclose" means to make location data available to another person, whether for a fee or otherwise.

     "Location data" means information related to the physical or geographical location of a customer or the customer's mobile device, regardless of the particular technological method used to obtain this information.

     "Mobile application" means a software program that runs on the operating system of a mobile device.

     "Mobile application developer" means a person that owns, operates, or maintains a mobile application and makes that application available for the use of customers, whether for a fee or otherwise.

     "Mobile device" means wireless telecommunications device that is capable of collecting a customer's location data.

 

     2.    a.  It shall be an unlawful practice for a commercial mobile service provider or a mobile application developer to disclose a customer's location data where that location data is collected while the customer's mobile device is physically present within this State.

     b.    It shall be an unlawful practice for a person who receives location data that is disclosed in violation of subsection a. of this section to disclose that customer's location data with any other person.

     c.     Each instance in which a commercial mobile service provider, mobile application developer, or other person that discloses a customer's location data with another person in a manner prohibited by this section shall constitute a separate violation of this section.

 

     3.    The provisions of section 2 of P.L.    , c.    (C.        ) (pending before the Legislature as this bill) shall not apply to:

     a.     information provided to a law enforcement agency in response to a legal process;

     b.    information provided to an emergency service organization responding to a 9-1-1 communication or any other communication reporting an imminent threat to life or property;

     c.     information required to be provided by federal, State, or local law; or

     d.    a customer providing the customer's own location data to a commercial mobile service provider or mobile application developer to be disclosed for an authorized use.

 

     4.    Any person who violates section 2 of P.L.    , c.    (C.       ) (pending before the Legislature as this bill) shall be subject to a civil penalty of $1,000 for each violation.  Where a person commits multiple violations of section 2 of P.L.    , c.    (C.        ) (pending before the Legislature as this bill) on the same day, the maximum civil penalty assessed against that person for all violations shall be a cumulative penalty of $10,000 per person.  The Division of Consumer Affairs in the Department of Law and Public Safety shall enforce the provisions of P.L.    , c.    (C.        ) (pending before the Legislature as this bill).

 

     5.    a.  A customer whose location data has been disclosed in violation of section 2 of P.L.    , c.    (C.        ) (pending before the Legislature as this bill) may bring an action in any court of competent jurisdiction.  If a court of competent jurisdiction finds a person has violated section 2 of P.L.    , c.    (C.        ) (pending before the Legislature as this bill), the court may award actual damages, computed at a rate of $1,000 per violation up to $10,000 per day and reasonable attorney's fees and costs incurred in maintaining that civil action.

     b.    The private right of action authorized pursuant to subsection a. of this section does not supplant any other claim or cause of action available to a customer under common law or by statute.  The provisions of this subsection are in addition to any other common law and statutory remedies.

     c.     Nothing in this section shall be construed as creating a private right of action against the State or any political subdivision thereof.

 

     6.    The Director of the Division of Consumer Affairs in the Department of Law and Public Safety shall promulgate rules and regulations, pursuant to the "Administrative Procedure Act," P.L.1968, c.410 (C.52:14B-1 et seq.), necessary to effectuate the purposes of P.L.    , c.    (C.        ) (pending before the Legislature as this bill).

 

     7.    This act shall take effect immediately, but shall remain inoperative for 120 days following the date of enactment.

 

 

STATEMENT

 

     This bill prohibits commercial mobile service providers and mobile application developers from disclosing a customer's location data with another person if the customer is located within the State.  The bill prohibits anyone who receives the location data from commercial mobile service providers and mobile application developers from disclosing it to another person.  Each instance of unlawful disclosure constitutes a separate violation.  The bill's prohibitions do not apply to: 1) information provided to a law enforcement agency in response to a legal process; 2) information provided to an emergency service organization responding to a 9-1-1 communication or any other communication reporting an imminent threat to life or property; 3) information required to be provided by federal, State, or local law; or 4) a customer providing the customer's own location data to a commercial mobile service provider or mobile application developer to be disclosed for an authorized use.

     The penalty for violating the prohibitions in the bill is $1,000 per violation, with a maximum penalty of $10,000 per person.  The Division of Consumer Affairs in the Department of Law and Public Safety is to enforce the bill's prohibitions.  The bill creates a private right of action against commercial mobile service providers and mobile application developers that violate this prohibition.

feedback