FCC Chairman Ajit Pai wrote a letter to Congress on Friday confirming that some wireless carriers violated federal law by collecting users’ real-time location data without proper authorization.
Pai did not identify the specific carriers in his letter, stating only that the FCC’s enforcement bureau “concluded that one or more wireless carriers apparently violated federal law.”
The agency opened its inquiry after a Motherboard report revealed that several carriers, including T-Mobile, Sprint, and AT&T, had sold real-time location information. According to the report, this sensitive data could be purchased by third parties for relatively small sums, potentially allowing strangers to monitor individuals’ movements in real time.
Pai’s letter effectively corroborates the earlier reporting. He indicated that the FCC would issue a “formal notice of liability” to the full commission for consideration as the next step in enforcement.
FCC Commissioner Jessica Rosenworcel told Reuters that it was regrettable the investigation took so long. “It’s chilling to consider what a black market could do with this data,” she said, underscoring the privacy and safety risks posed by unauthorized access to location information.
Concerns about location-data sharing date back several years. In 2018, a security researcher reported that data from a California-based technology firm could be used to track mobile users across multiple carriers without their consent. That same year, U.S. Senator Ron Wyden warned the FCC that carriers had sold location data to a company supplying phone services to prisons, which allegedly enabled prison officials to track inmates’ and visitors’ cell phones.
In response to the allegations, a trade association representing U.S. carriers said that once the misuse was reported, carriers “quickly investigated, suspended access to the data and subsequently terminated those programs.” The statement emphasized steps taken to curb third-party access pending further review.
Privacy advocates and lawmakers have stressed the need for stronger controls and greater transparency surrounding how location data is collected, shared, and monetized. Real-time location information can reveal intimate details about a person’s life—where they live, work, socialize, and seek medical care—so unauthorized distribution poses significant risks to individual privacy and public safety.
The FCC’s next actions will determine whether the findings lead to formal penalties or additional regulatory requirements to prevent similar incidents in the future. The agency’s enforcement process, including any notices of liability and ensuing proceedings, will clarify the extent of the violations and the carriers involved.
(Image Credit: Ajit Pai by Gage Skidmore under CC BY-SA 2.0)
Interested in hearing industry leaders discuss topics like this and learn about real-world use cases? Consider attending events in the IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, Cyber Security & Cloud Expo, and 5G Expo World Series, which take place in cities such as Silicon Valley, London, and Amsterdam. These conferences explore the future of enterprise technology, including privacy, security, and data governance.