FCC fines wireless carriers millions for sharing user locations without consent

Tuesday, April 30, 2024
WASHINGTON -- The US government has issued millions of dollars in fines to AT&T, Sprint, T-Mobile and Verizon after an investigation found the nation's top wireless carriers had illegally shared customers' personal data without their consent.

The fines stem from allegations in 2020 by the Federal Communications Commission that for years, the companies had improperly shared users' geolocation histories to third parties, including to prisons, as part of their commercial programs.
[Ads /]
The fines target a practice in which carriers shared user location information with data resellers, known in the industry as "location aggregators." These aggregators passed the data onward to their own third-party customers.

Despite promising to stop the tactic after press reports and a congressional probe brought the issue to light in 2018, carriers took nearly a year, or in some cases even longer, to finally stop doing so, the FCC said Monday, wrapping up a matter launched during the Trump administration.

"Each carrier attempted to offload its obligations to obtain customer consent onto downstream recipients of location information, which in many instances meant that no valid customer consent was obtained," the FCC said in a release.

The FCC said AT&T must pay $57 million, while Verizon was fined nearly $47 million. Sprint was fined $12 million and T-Mobile $80 million. Since the investigation began, Sprint and T-Mobile merged in 2020.



In response to the FCC fines, all of the wireless carriers said they expect to appeal the decision.

"The FCC order lacks both legal and factual merit," AT&T said in a statement. "It unfairly holds us responsible for another company's violation of our contractual requirements to obtain consent, ignores the immediate steps we took to address that company's failures, and perversely punishes us for supporting life-saving location services like emergency medical alerts and roadside assistance that the FCC itself previously encouraged. We expect to appeal the order after conducting a legal review."
[Ads /]
Verizon said it was "deeply committed to protecting customer privacy."

"In this case," the company said in a statement, "when one bad actor gained unauthorized access to information relating to a very small number of customers, we quickly and proactively cut off the fraudster, shut down the program, and worked to ensure this couldn't happen again. Unfortunately, the FCC's order gets it wrong on both the facts and the law, and we plan to appeal this decision."

T-Mobile said in a statement its location data-sharing program was "discontinued more than five years ago after we took steps to ensure that critical services like roadside assistance, fraud protection and emergency response would not be disrupted. We take our responsibility to keep customer data secure very seriously and have always supported the FCC's commitment to protecting consumers, but this decision is wrong, and the fine is excessive. We intend to challenge it."

In 2018, a probe by Oregon Democratic Sen. Ron Wyden found that the cellphone location information had found its way to Securus, a provider of prison phone services. In the wrong hands, the data could be abused to spy on virtually all Americans. Wyden, at the time, called on the FCC to investigate.



"No one who signed up for a cell plan thought they were giving permission for their phone company to sell a detailed record of their movements to anyone with a credit card," Wyden said in a statement Monday. "I applaud the FCC for following through on my investigation and holding these companies accountable for putting customers' lives and privacy at risk."

The-CNN-Wire & 2023 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.
Copyright © 2024 WLS-TV. All Rights Reserved.