The Federal Communications Commission (FCC) has imposed a collective fine of $200 million on some of the country's largest cellphone carriers for unlawfully sharing access to customer location data without consent and neglecting to safeguard that data from unauthorized disclosures.
According to an April 29 press release from the FCC, T-Mobile, AT&T, Sprint, and Verizon were found to have violated the Communications Act by selling customers’ location data without consent, and they persisted in doing so even after being notified of these violations.
The FCC Enforcement Bureau investigations revealed that all four carriers sold access to their customers’ location information to “aggregators,” who subsequently resold this access to third-party location-based service providers. The investigations also found that each carrier attempted to transfer its responsibility to obtain customer consent onto the recipients of the location information downstream. In numerous instances, valid customer consent was not obtained.
The Communications Act is designed to safeguard customer privacy, with a section explicitly prohibiting carriers from disclosing customer information except as mandated by law or with the individual’s explicit consent. These obligations extend to situations where carriers share customer information with third parties.
AT&T has contested the allegations made by the FCC, which it disputes, and has indicated its plans to appeal the actions on the grounds that, in its perspective, they lack “both legal and factual merit.”
In a media statement, a Verizon spokesperson asserted that the FCC had “misinterpreted both the facts and the law, and we intend to appeal this decision.”
