The Federal Communications Commission (FCC) has fined several major U.S. wireless carriers for illegally selling their subscribers’ location data to third-party data brokers.
In an FCC statement, the agency said AT&T, Verizon, Sprint, and T-Mobile US were ordered to pay penalties of $57 million, $47 million, $12 million, and $80 million, respectively, for improperly sharing customers’ sensitive location information. Sprint and T-Mobile had completed their merger in 2020.
“Our communications providers have access to some of the most sensitive information about us,” FCC Chairwoman Jessica Rosenworcel said. “These carriers failed to protect the information entrusted to them. Here, we are talking about some of the most sensitive data in their possession: customers’ real-time location information, revealing where they go and who they are.”
The FCC’s investigation found that the carriers sold subscribers’ location data to data aggregators, who then resold that information to third-party location service companies. The commission concluded that each carrier attempted to shift the responsibility for obtaining customer consent onto downstream buyers, creating a situation in which valid consent for data sharing was often missing.
The FCC Enforcement Bureau emphasized that the law prevents carriers from shirking their statutory duty to protect customers’ CPNI (customer proprietary network information) by delegating those obligations to third parties.
Concerns about telecom companies providing customer location data first surfaced in 2018 when Senator Ron Wyden (D-OR) asked then-FCC Chair Ajit Pai to investigate reports that Securus Technologies had purchased real-time location data from major wireless carriers. While the FCC under Pai determined in 2020 that the carriers had likely violated the law, the penalties and enforcement actions were not finalized at that time.
Senator Wyden praised the FCC’s enforcement action, saying, “No one who signed up for a cell plan thought they were giving permission for their phone company to sell a detailed record of their movements to anyone with a credit card. I applaud the FCC for following through on my investigation and holding these companies accountable for putting customers’ lives and privacy at risk.”
The unauthorized sale of location data raises serious privacy and security concerns. A recent study from Duke University found that data brokers were offering information on U.S. military personnel and their families for extremely low prices, underscoring the potential national security implications of widespread location-data sales.
While the FCC’s fines aim to hold the carriers accountable and deter future violations, privacy advocates and lawmakers continue to call for stronger protections for consumer data. Proposals under consideration include legislative measures to restrict or ban government purchases of citizens’ data from commercial data brokers and to tighten consent requirements for location information.
(Photo by Kelsey Knight)
See also: FCC votes to restore net neutrality protections
Unified Communications is a two-day event held in California, London, and Amsterdam that explores the future of workplace collaboration in a digital world. The event is co-located with Digital Transformation Week, IoT Tech Expo, Edge Computing Expo, Intelligent Automation, AI & Big Data Expo, and Cyber Security & Cloud Expo.
Explore other upcoming enterprise technology events and webinars powered by TechForge.