"prohibit [..] sharing customers' geolocation data without customer consent"
If this law actually makes it this time, I foresee another clause added to page 43 of the EULA nobody ever reads stipulating that by using the product, you give your consent.
Problem solved (for the companies).
Look, I'm happy you're at least trying to do something, I really am. But you do need to take a look beyond your limousines and bulletproof glass windows and look at how the world actually works. Demanding user consent is a step forward - but you cannot allow it to be embedded in the EULA. It must be an in-your-face question, clearly labelled YOUR SECURITY IS AT STAKE, with a button YES and a button NO. And clicking NO does NOT prevent using the product.
Then we might be able to accept that something is actually being done about this whole mess.