NPR story focuses on geofencing hospitals and serving mobile ads for personal injury attorneys.

Many US-based marketing companies and platforms were indifferent or complacent about GDPRuntil the very last minute. Some firms have declined to expand into or have withdrawn from Europe, feeling that GDPR’s rules and requirements are too burdensome.

The rude surprise for these companies is that some version of European privacy regulations is probably coming relatively soon to the US market. Privacy is now a big issue in the wake of Cambridge Analytica, with one consumer survey from Janrain finding that 68 percent of respondents want GDPR-like data protections in the US.

California has a ballot measure heading for a vote in November that has many internet marketers very nervous. The California Consumer Privacy Act is less onerous than GDPR but includes many of the same data-privacy protections.

In this new privacy-sensitive environment, numerous stories are popping up about online marketing abuses, data security and “digital stalking.” The latest example, coming today, is an NPR story about geofencing, hospitals and personal injury lawyers (and the marketers who serve them). Here’s an excerpt from the transcript:

Patients sitting in emergency rooms, at chiropractors’ offices and at pain clinics in the Philadelphia area may start noticing on their phones the kind of messages typically seen along highway billboards and public transit: personal injury law firms looking for business by casting mobile online ads at patients.

The potentially creepy part? They’re only getting fed the ad because somebody knows they are in an emergency room.

Stories like this, running just under four minutes, have little room for nuance. They use a sensational headline or hook for attention and don’t have time to present a complex discussion. However, in fairness to NPR, this story did make distinctions between marketing consumer products and using sensitive health information to sell litigation services.

Industry trade groups have been arguing for years against regulation and legislation and in favor of self-regulation. While self-regulation is possible, it hasn’t really worked uniformly across the industry. Many marketing and data platforms have not been sufficiently accessible or transparent to allay consumer concerns, which have only grown with each new data breach and scandal.

There are numerous studies (e.g., Vision Critical) that say some version of the following: Consumers will consent to use of their data if they know why marketers or publishers are asking, how it’s being implemented and have reasonable assurances of security and privacy. But most companies don’t really do anything approaching this.

Location intelligence is a subset of the larger internet-data ecosystem. Most location data companies I talk to use privacy best practices (or say they do) and are sensitive to these issues. However, there’s been little education of consumers about the value of this data and how it can improve the relevance of ads or the consumer experience. Accordingly, when stories such as NPR’s appear (and numerous others), it fills a void with fear and paranoia.

The use case presented in that story — geotargeting emergency room and hospital visitors with ads for personal injury attorneys — is a relatively creepy and marginal one today. However, it’s also pretty alarming and implies this type of thing is going on across the entire industry.

These kinds of stories will all but guarantee passage of new privacy laws such as the one on California’s November ballot. And successful passage of that law will likely be emulated by other states.