1 New Section; Wiretapping and Eavesdropping; Sharing Location Data Prohibited. Amend RSA 570-A by inserting after section 2-a the following new section:

570-A:2-b Sharing Location Data Prohibited.

I. In this section:

(a)(1) "Authorized use" means the sharing of a customer's location data:

(A) For the purpose of providing a service explicitly requested by such customer;

(B) Exclusively for the purpose of providing a service explicitly requested by such customer; and

(C) Where such data is not collected, shared, stored, or otherwise used by a third party for any purpose other than providing a service explicitly requested by such customer.

(2) "Authorized use" shall not include any instance in which a customer's location data is shared in exchange for products or services.

(b) "Customer" means a current or former subscriber to a telecommunications carrier or a current or former user of a mobile application.

(c) "Location data" means information related to the physical or geographical location of a person or the person's mobile communications device, regardless of the particular technological method used to obtain this information.

(d) "Mobile application" means a software program that runs on the operating system of a mobile communications device.

(e) "Mobile application developer" means a person that owns, operates, or maintains a mobile application and makes such application available for the use of customers for a fee or otherwise.

(f) "Mobile communications device" means any portable wireless telecommunications equipment that is utilized for the transmission or reception of data, including location data, and that is or may be commonly carried by or on a person or commonly travels with a person, including in or as part of a vehicle a person drives.

(g) "Share" means to make location data available to another person, for a fee or otherwise.

(h) "Telecommunications carrier" means a service offered to the public for a fee that transmits sounds, images, or data through wireless telecommunications technology.

II.(a) No mobile application developer or a telecommunications carrier shall share a customer's location data where such location data was collected while the customer's mobile communications device were physically present in the city.

(b) No person who receives location data that is shared in violation of subparagraph (a) shall share such data with another person.

III. A mobile application developer, telecommunications carrier, or other person who shares a customer's location data with another person in a manner prohibited by this section shall be guilty of a violation and subject to a fine of $1,000. A mobile application developer, telecommunications carrier, or other person who is convicted of multiple violations of this section shall be subject to a maximum fine $10,000 for each person whose location data was shared in violation of this section.

IV. This section shall not apply to:

(a) Information provided to a law enforcement agency in response to a lawful process;

(b) Information provided to an emergency service agency responding to an emergency communication or any other communication reporting an imminent threat to life or property;

(c) Information required to be provided by a federal, state, or local law enforcement agency; or

(d) A customer providing the customer's own location data to a mobile application.

V. Any customer whose location data has been shared in violation of this chapter may bring a private action in a court of competent jurisdiction. If a court of competent jurisdiction finds that a person has violated a provision of this section, the court may award actual damages and reasonable attorney's fees and costs incurred in maintaining such civil action.

2 Effective Date. This act shall take effect 60 days after its passage.

1 New Section; Wiretapping and Eavesdropping; Sharing Location Data Prohibited. Amend RSA 570-A by inserting after section 2-a the following new section:

570-A:2-b Sharing Location Data Prohibited.

I. In this section:

(a)(1) "Authorized use" means the sharing of a customer's location data:

(A) For the purpose of providing a service explicitly requested by such customer;

(B) Exclusively for the purpose of providing a service explicitly requested by such customer; and

(C) Where such data is not collected, shared, stored, or otherwise used by a third party for any purpose other than providing a service explicitly requested by such customer.

(2) "Authorized use" shall not include any instance in which a customer's location data is shared in exchange for products or services.

(b) "Customer" means a current or former subscriber to a telecommunications carrier or a current or former user of a mobile application.

(c) "Location data" means information related to the physical or geographical location of a person or the person's mobile communications device, regardless of the particular technological method used to obtain this information.

(d) "Mobile application" means a software program that runs on the operating system of a mobile communications device.

(e) "Mobile application developer" means a person that owns, operates, or maintains a mobile application and makes such application available for the use of customers for a fee or otherwise.

(f) "Mobile communications device" means any portable wireless telecommunications equipment that is utilized for the transmission or reception of data, including location data, and that is or may be commonly carried by or on a person or commonly travels with a person, including in or as part of a vehicle a person drives.

(g) "Share" means to make location data available to another person, for a fee or otherwise.

(h) "Telecommunications carrier" means a service offered to the public for a fee that transmits sounds, images, or data through wireless telecommunications technology.

II.(a) No mobile application developer or a telecommunications carrier shall share a customer's location data where such location data was collected while the customer's mobile communications device were physically present in the city.

(b) No person who receives location data that is shared in violation of subparagraph (a) shall share such data with another person.

III. A mobile application developer, telecommunications carrier, or other person who shares a customer's location data with another person in a manner prohibited by this section shall be guilty of a violation and subject to a fine of $1,000. A mobile application developer, telecommunications carrier, or other person who is convicted of multiple violations of this section shall be subject to a maximum fine $10,000 for each person whose location data was shared in violation of this section.

IV. This section shall not apply to:

(a) Information provided to a law enforcement agency in response to a lawful process;

(b) Information provided to an emergency service agency responding to an emergency communication or any other communication reporting an imminent threat to life or property;

(c) Information required to be provided by a federal, state, or local law enforcement agency; or

(d) A customer providing the customer's own location data to a mobile application.

V. Any customer whose location data has been shared in violation of this chapter may bring a private action in a court of competent jurisdiction. If a court of competent jurisdiction finds that a person has violated a provision of this section, the court may award actual damages and reasonable attorney's fees and costs incurred in maintaining such civil action.

2 Effective Date. This act shall take effect 60 days after its passage.