The largest US wireless carriers, AT&T, Sprint, T-Mobile, and Verizon, face nearly $200 million in fines from the Federal Communications Commission (FCC) for illegally selling real-time location information data, which often end going up to “bail-bond companies, bounty hunters, and other shady actors.”
In a case proposed by the last Administration, the FCC Enforcement Bureau looked into the actions of four carriers and discovered that each carrier sold access to its customers’ location information to “aggregators.” These aggregators then resold access to such information to third-party location-based service providers.
According to the FCC, carriers sold access to location data without customer consent and continued to do so without reasonable safeguards to protect that information against unauthorized disclosure.
T-Mobile and Sprint – which have merged since the investigation began – face fines of more than $80 million and $12 million, respectively. AT&T has been fined more than $57 million, and Verizon almost $47 million.
“Our communications providers have access to some of the most sensitive information about us. These carriers failed to protect the information entrusted to them. Here, we are talking about some of the most sensitive data in their possession: customers’ real-time location information, revealing where they go and who they are,” said Jessica Rosenworcel, FCC Chairwoman.
The FCC found that carriers attempted to offload their obligation to obtain user consent onto downstream recipients of location information. In many instances, no valid consent was obtained.
Even worse, the carriers continued to sell access to location data after they realized that their safeguards were ineffective.
“News reports revealed that the largest wireless carriers in the country were selling our real-time location information to data aggregators, allowing this highly sensitive data to wind up in the hands of bail-bond companies, bounty hunters, and other shady actors. This ugly practice violates the law,” Rosenworcel said.
Carriers are required to protect sensitive customer information, maintain the confidentiality of such customer information, and obtain affirmative, express customer consent before using, disclosing, or allowing access to such information.
The reckless practice came to light in 2018 after public reports that a Missouri Sheriff used a “location-finding service” to track the location of numerous individuals. The service was operated by Securus, a provider of communications services to correctional facilities.
According to the FCC, all four carriers, being aware of the unauthorized access, continued to operate their programs without putting in place reasonable safeguards.
Brendan Carr, Commissioner of the FCC, noted that all of the participating carriers ended their location-based service programs.
“This is not to say that location-based service providers have ended their operations. They have simply shifted to obtaining this same type of location information from other types of entities.”
Your email address will not be published. Required fields are markedmarked