Geolocation data: what Virginia's ban on selling your location means

Virginia has moved to ban the sale of precise geolocation data, a step highlighted in coverage shared on Hacker News that reflects growing unease about how information on people's movements is bought and sold. The measure restricts a largely invisible market that turns the location signals from everyday devices into a tradable commodity.
Geolocation data is, at its simplest, information about where a device — and by extension its owner — has been. Precise location data can pinpoint a person to within a few metres and, gathered over time, can reveal where someone lives, works, worships, seeks medical care and spends their evenings. It is among the most sensitive categories of personal information precisely because a pattern of places can expose so much about a life.
The data is collected in many ways. Smartphones determine location through GPS, nearby Wi-Fi networks and cell towers, and countless apps request access to that location, sometimes for obvious reasons like maps or weather and sometimes for purposes users may not expect. Software components embedded in apps can pass location readings to third parties, feeding a supply chain that most people never see.
At the end of that chain sit data brokers — companies that aggregate location and other personal information from many sources and sell it to advertisers, analytics firms and others. This trade has operated with limited transparency, and investigations in recent years have shown that detailed location histories, sometimes tied to identifiable individuals, can be purchased with relative ease.
Virginia's action, according to the legal analysis circulated on Hacker News, targets the sale of this precise location data specifically. Rather than banning the collection of location entirely, such measures typically focus on the commercial trade in it, aiming to stop sensitive movement data from being sold on to parties with whom a person never chose to share it.
The concern driving these laws is that location data can be used in ways that harm people. It can enable stalking or the tracking of vulnerable individuals, expose visits to sensitive places such as clinics or places of worship, and be repurposed for surveillance or profiling far beyond the reason it was originally gathered. Because the data can often be linked back to a person, the risks are not hypothetical.
Virginia is not acting in isolation. It is part of a broader wave of state-level privacy legislation in the United States, where, in the absence of a single comprehensive federal privacy law, individual states have passed their own rules governing how personal data can be collected, used and sold. The result is a patchwork of protections that vary from state to state.
That patchwork creates practical challenges for companies, which must navigate different obligations depending on where their users live, and it means the level of protection a person enjoys can depend heavily on their state of residence. Advocates for a national standard argue that a single federal law would be clearer and more consistent, while others value the ability of states to move faster than a divided national legislature.
For the businesses that rely on location data, from advertising networks to app developers, rules like Virginia's require rethinking how location is handled — what is collected, how consent is obtained, and whether data can be shared or sold at all. Compliance often pushes firms toward collecting less, anonymising more, and being clearer with users about what happens to their information.
For individuals, the practical takeaways are worth knowing regardless of where one lives. Reviewing which apps have location permissions, limiting access to only when an app is in use, and turning off location for apps that do not need it all reduce how much of this data is generated in the first place. Virginia's ban addresses the sale end of the pipeline; personal settings address the source.
Read next

Quiet supersonic flight: how the FAA proposal could revive faster-than-sound travel
The US aviation regulator has proposed allowing supersonic airliners to fly over American cities if they are quiet enough, Ars Technica reports. The plan would replace a decades-old outright ban on overland supersonic flight with a noise-based standard, potentially reopening the door to faster air travel.

Why does Switzerland have 25 Gbit internet and the US does not?
A widely shared analysis asks why Switzerland offers home internet speeds of 25 gigabits while much of the United States lags behind. This explainer looks at the infrastructure, regulation and market structure that shape how fast, and how affordable, a country's broadband becomes.

Anthropic in talks with Samsung over a custom AI chip, TechCrunch reports
Anthropic, the AI company behind the Claude chatbot, is discussing a new custom chip with Samsung, TechCrunch reports. The talks reflect a wider race among AI firms to secure and tailor the hardware that powers their models and to reduce reliance on a single supplier.

Google loses EU antitrust appeal and must pay a record $4.7 billion fine
Google has lost a long-running appeal against a record European Union antitrust fine and must pay about $4.7 billion, Ars Technica reports. The penalty stems from EU findings over how Google used its Android mobile operating system to entrench its search engine.

Why everyone from Honda to Big Tech is pivoting to data centers
Honda's move into data centers is the latest sign that the AI computing boom is pulling in companies far outside the tech industry. Here is why so many firms are chasing data center demand, and the risks of a building spree tied to a single technology wave.