
State Attorneys General are pressuring Instagram over its new location-sharing feature, citing risks to children and vulnerable users. The issue mirrors TikTok’s forced divestment and fines on U.S. carriers for selling location data. Globally, regulators treat geolocation as highly sensitive. MEF CEO Dario Betti takes a look at how precise location now demands protections equal to biometrics.

State Attorneys General (AGs) are putting pressure on Instagram over its new location-sharing feature, citing risks to vulnerable users. The letter to the Meta-owned service is neither the first nor the last step in the increasingly heated issue of locating users on mobile phones.

This mirrors past controversies: TikTok faced a federal ban and forced sale due to location data concerns, while U.S. mobile carriers incurred millions in fines for selling user location data. For now this is a war of words, but sensitivity around the topic is growing, and the mobile ecosystem at large should acknowledge it. These actions highlight a growing regulatory consensus: precise geolocation is highly sensitive, demanding stringent protection across the digital ecosystem.

The situation: AG vs Mobile Location Services

When a bipartisan coalition of 37 state attorneys general led by Georgia Attorney General Chris Carr and New Mexico Attorney General Raúl Torrez sent a letter to Instagram earlier this month (13 August 2025), the language they chose was deliberate and urgent. The feature that allows precise location sharing on a live map, they wrote, “raises significant public safety and data concerns” and creates risks that “are especially acute for children and survivors of domestic violence.” The letter warned that Instagram must take steps immediately to protect its users: “Ensure minors are NOT allowed to enable location sharing features,” the AGs demanded, emphasizing this phrase in capital letters. They further urged Meta to “send a clear alert to all adult users explaining the feature” and to give everyone a “simple, easy-to-access” disabling option. Beneath the policy language was a clear threat: failure to act would invite deeper scrutiny from states that are increasingly vigilant on digital safety.

For our international readers, a reminder: State Attorneys General (AGs) are the top legal officers in each U.S. state, often elected independently. They advise state governments, represent the state in court, and enforce laws on issues like consumer protection, data privacy, antitrust, civil rights, and the environment. AGs can sue companies, seek injunctions, and levy fines. Increasingly, they coordinate multistate investigations and lawsuits, amplifying their influence against powerful corporations. Their independence and broad statutory authority make them key watchdogs and policy shapers, especially on emerging digital and privacy concerns. This letter should be seen in that context: the AGs see this debate as growing in importance, and the letter to Meta might be only the first step. This was not the first time the localisation of mobile services made the headlines; it is an increasingly complex area, and one that all players should consider carefully.


TikTok and the long road from location concerns to a forced USA sale

The Instagram letter echoes the trajectory that brought TikTok into its fiercest confrontation with USA policymakers. The ban of the app on government devices, signed into law at the end of 2022, was rooted partly in fears surrounding its ability to capture user movements. As one congressional report phrased it at the time, TikTok’s collection of sensitive data “creates an unacceptable risk of surveillance and influence by a foreign adversary.”

During the widely televised March 2023 hearing, the reassurances of TikTok’s CEO, Shou Zi Chew, were met with bipartisan scepticism. Despite TikTok’s effort to localize American data through “Project Texas,” lawmakers remained convinced that precise geolocation vulnerabilities were too risky as long as the app was tied to its Chinese parent, ByteDance.

By 2025, this mistrust culminated in legislation effectively forcing ByteDance to divest TikTok’s U.S. operations. The TikTok case illustrated how concerns about geolocation could scale from a consumer safety issue to a question of national security, with the ultimate remedy being nothing less than government-mandated corporate divestment.

MNOs under fire: litigation over selling of sensitive locations

If a foreign-owned app raised national security alarms, carriers raised equally troubling questions about domestic data stewardship. In early 2020, the Federal Communications Commission issued proposed fines totalling nearly $200 million against AT&T, Verizon, T-Mobile, and Sprint for selling customer location data to third parties. According to the FCC’s investigation, this information was resold through brokers down to entities as varied as bounty hunters and private investigators. 

The proposed penalties were eye-popping: more than $91 million for T-Mobile, $57 million for AT&T, $48 million for Verizon, and $12 million for Sprint. Despite promises to shut down the data pipelines, state attorneys general and private litigants continued to pursue lawsuits, accusing the carriers of betraying consumer trust for profit.

Global Trends in Geolocation

For years, geolocation was marketed as a benign convenience, powering maps, ride-hailing apps, and localized advertising. But around the world, regulators and courts are now treating precise location data as one of the most sensitive categories of personal information, with standards escalating rapidly.

Europe: Geolocation as “sensitive data”

In the European Union, the General Data Protection Regulation (GDPR) sets the tone globally by categorizing precise location as personal data, requiring clear consent to process it. Regulators have fined companies, including ad-tech firms and app developers, for failing to obtain explicit opt-ins. The French CNIL in 2020 fined Google €100 million partly for tracking and advertising practices tied to user data, and Norway’s Data Protection Authority has issued orders freezing location-based marketing practices by apps found to lack valid consent.

Asia-Pacific: Surveillance concerns and localization pressures

In India, the draft Digital Personal Data Protection Act (2023) establishes explicit restrictions on geolocation use, and the government has signalled that excessive location tracking could trigger regulatory bans. China has gone further, requiring data localization for geolocation information, prohibiting companies from transferring it abroad without state review. In practice, this means global firms must tread carefully when operating in mainland China, where location data is considered a matter of state sovereignty.

The Americas: Litigation and enforcement on the rise

Beyond the U.S. carrier lawsuits and TikTok controversy, Latin American states are tightening controls. Brazil, under its LGPD privacy law, has fined telecoms and digital platforms for mishandling geolocation data. Mexico’s privacy regulator (INAI) has also begun investigations into foreign companies collecting precise mobile data without proper disclosure. Canada, with its proposed Consumer Privacy Protection Act (CPPA), is likely to impose GDPR-style consent rules, again targeting apps that operate with imprecise or bundled consents for location tracking.

Africa and the Middle East: National security over consumer choice

Several governments in Africa and the Middle East do not frame geolocation primarily as a privacy issue but as one of public order and national security. Kenya’s Data Protection Act (2021) requires clear consent for collection but carves out broad exemptions for security agencies. In the Gulf states, telecom regulators have insisted on strict location data localization rules, particularly in Saudi Arabia and the UAE, forcing platforms to store sensitive mapping data within their jurisdictions.

A widening privacy battle reshaping the digital ecosystem

What emerges globally is a shared recognition: geolocation is no longer simply another data point. Instead, it straddles consumer protection, national security, and digital sovereignty. Companies that once treated location sharing as a frictionless feature now face fines, reputational harm, or bans if they misstep. Governments, meanwhile, are converging on the idea that location data deserves treatment similar to biometrics: uniquely sensitive and uniquely risky.

As Instagram faces scrutiny in the U.S., the global trajectory suggests this is not an isolated debate but part of an international reckoning. In almost every jurisdiction, location data has moved from background utility to contested territory, shaping how the next generation of digital services will be built and regulated.

Viewed together, Instagram’s feature rollout, TikTok’s forced divestment, and the carriers’ lawsuits reveal a striking consensus: precise geolocation has become the most politically and legally fraught category of consumer data. What was once seen as a benign enhancement to mobile services is increasingly considered akin to a biometric identifier.

For more information or to join the Insight Group, please contact the MEF team at info@mobileecosystemforum.com.

Dario Betti

MEF CEO

  
