"We've seen an explosion of efforts to create location-tracking techniques to fight the spread of COVID-19. The mobile advertising industry is legally able to obtain location data from apps installed on users' phones, and then turn around to hand that information to federal or state government agencies or to private parties. This is a way for governments to "launder" the acquisition of location data, bypassing the use of legal process to obtain that information from cell carriers directly. While the information is aggregated and ostensibly anonymized, there have long been demonstrations of how easy it is to re-identify someone from "anonymous" data (either alone or by combining it with other data sources).
Before the pandemic hit the U.S., we were just starting to see Congress and regulators crack down on the invasion of Americans' location privacy. At the very end of February, days before COVID-19 effectively shut down the country, the FCC announced that it planned to impose a $200 million fine against the four major carriers (which are now about to be down to three, with the FCC's March approval of the Sprint/T-Mobile merger) for selling their subscribers' real-time location data to third parties without subscribers' consent. Now that same privacy-intrusive industry is rebranding itself as helping out in the fight against COVID-19. And I won't be surprised if we see the cell carriers point to the COVID-19 battle to try to weasel out of the fines."