Federal and state enforcement actions involving geolocation data violations, tracked from official government sources.
21
Total Actions
$6.0B
Total Fines
5
Jurisdictions
Privacy enforcement action where the FTC settled with General Motors and OnStar for collecting and selling consumers' geolocation and driving behavior data without adequate notice or consent. The order prohibits sharing data with consumer reporting agencies and requires transparency and consumer choice measures.
Texas Attorney General Ken Paxton secured a $1.375 billion settlement with Google for unlawfully tracking Texans' geolocation data, incognito browsing activity, and biometric identifiers without consent. This is the largest single-state privacy settlement against Google, significantly larger than multistate settlements. The agreement resolves two major privacy enforcement actions brought by Texas.
$1.4B
The FTC settled allegations against Apitor Technology for violating COPPA by allowing a third party to collect geolocation data from children without parental consent. Apitor must pay a $500,000 suspended fine, delete improperly collected data, and implement measures to comply with COPPA, including obtaining parental consent and notifying parents.
$500K
Texas Attorney General Ken Paxton announced a comprehensive privacy enforcement initiative, achieving record settlements with Meta ($1.4B) and Google ($1.375B) for biometric and geolocation data violations, suing General Motors and TikTok, and investigating numerous companies for children's data and AI practices. The AG's office has enforced multiple Texas privacy laws and registered over 200 data brokers.
$2.8B
Attorney General Ken Paxton sued Google for unlawfully tracking and collecting Texans' private data, including geolocation, incognito searches, and biometric data. The case resulted in a $1.375 billion settlement, the largest ever against Google for state privacy enforcement, marking a major win for data privacy rights.
$1.4B
The FTC alleged that General Motors and its OnStar subsidiary collected and sold drivers' precise geolocation and driving behavior data (e.g., hard braking, speeding) to consumer reporting agencies without adequately notifying consumers or obtaining their affirmative consent. A proposed consent order bans the companies from disclosing this sensitive data to consumer reporting agencies for five years and requires them to implement clearer consent mechanisms, data access/deletion processes, and opt-out options.
The FTC finalized an order banning Mobilewalla Inc. from selling sensitive location data after alleging the company sold such data without verifying consumer consent. The order prohibits Mobilewalla from collecting data from ad exchanges for non-auction purposes, misrepresenting data practices, and using location data from sensitive locations like health clinics and places of worship.
Texas Attorney General Ken Paxton filed a lawsuit against Allstate and its subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million consumers without consent. The data, which includes precise geolocation information, was used to justify insurance premium increases. This action alleges violations of the Texas Data Privacy and Security Act (TDPSA).
The FTC took action against Gravy Analytics Inc. and Venntel Inc. for unlawfully tracking and selling sensitive consumer location data without consent. The proposed consent order prohibits the sale or use of sensitive location data, requires deletion of historic data, and mandates compliance programs. This is part of the FTC's series of actions against data brokers selling sensitive location data.
Texas Attorney General Ken Paxton opened an investigation into multiple car manufacturers for collecting and selling driver data to third parties, including insurance companies, without consumers' knowledge or consent. The investigation, conducted under the Texas Deceptive Trade Practices – Consumer Protection Act, seeks documents about data collection practices and disclosures made to customers. The AG's office is concerned about invasive data collection and potential deceptive practices.
The FTC settled with InMarket Media for unlawfully collecting and using consumers' precise location data without adequate notice and consent. The order prohibits InMarket from selling or sharing precise location data, requires deletion of collected data, and mandates consumer consent mechanisms and privacy programs.
The FTC finalized an order against data broker X-Mode and its successor Outlogic for selling precise location data that could track visits to sensitive locations like medical clinics and places of worship. The order bans them from sharing or selling sensitive location data and requires them to delete collected data, implement privacy programs, and ensure downstream compliance.
The FTC settled with data brokers X-Mode Social and Outlogic for selling precise location data without informed consent and failing to protect sensitive information. The proposed order bans the sale of sensitive location data, requires deletion of collected data, and mandates a comprehensive privacy program. This is the FTC's first action against a data broker for sensitive location data practices.
California Attorney General Rob Bonta announced a $93 million settlement with Google for deceiving users about location tracking. Google continued to collect location data even after users opted out, violating California consumer protection laws. The settlement includes injunctive terms to enhance transparency and user controls over location settings.
$93.0M
The Connecticut legislature passed a series of consumer protection bills backed by Attorney General William Tong. The legislation modernizes anti-robocall laws, requires all-in pricing for ticket sales, prohibits post-cancellation cable billing charges, and enhances geolocation data breach notification requirements. The bills now await Governor Ned Lamont's signature.
The FTC charged Easy Healthcare Corporation, operator of the Premom fertility app, with deceiving users by sharing their sensitive health data with third parties for advertising without consent and failing to notify breaches as required by the Health Breach Notification Rule. Under a proposed consent decree, the company will pay a $100,000 civil penalty, be barred from sharing health data for advertising, and must implement privacy and security measures.
$100K
Google settled with 40 state attorneys general over allegations that it misled consumers about location tracking practices. Google will pay $391.5 million and must enhance transparency and user controls for location data collection.
$391.5M
Connecticut Attorney General William Tong joined a coalition of 19 attorneys general in a letter to congressional leaders urging federal legislation to protect reproductive healthcare access post-Dobbs. The letter proposes measures including requiring insurance plans to cover abortion, eliminating the Hyde Amendment, protecting medication abortion, and strengthening data privacy laws to prevent surveillance of reproductive health data and geofencing near clinics.
The FTC finalized an order banning Support King, LLC and its CEO from the surveillance business for selling stalkerware apps that secretly collected and shared users' personal data without consent. The order requires them to delete all illegally collected data and notify affected device owners.
The FTC banned Support King, LLC (SpyFone) and its CEO from the surveillance business for secretly harvesting and sharing users' data without consent, and ordered the deletion of all illegally collected data and notification to affected device owners. The company failed to secure the data, leading to a hack that exposed 2,200 consumers.
The California Attorney General reached a $28.4 million settlement with Aaron's, Inc. for installing spyware on rented computers without customer consent and for violating the Karnette Rental-Purchase Act. The spyware, called 'Detective Mode', allowed remote monitoring of keystrokes, screenshots, location, and webcam activation. Aaron's must refund $25 million to approximately 100,000 customers and pay $3.4 million in penalties, and is prohibited from using spyware.
$3.4M