FCC in USA fines major telephone providers for selling users location data

The Federal Communications Commission (FCC) has imposed fines on major US telecommunications companies for unlawfully selling their subscribers’ location data to third-party data brokers.

As per an FCC announcement, AT&T, Verizon, Sprint, and T-Mobile US, the latter two having merged in 2020, were directed to pay fines of $57 million, $47 million, $12 million, and $80 million, respectively, for their involvement in the unauthorized sharing of customers’ sensitive location details.

FCC Chairwoman Jessica Rosenworcel remarked, “Our communication providers hold access to some of our most sensitive information. These carriers failed to safeguard the data entrusted to them. We’re discussing highly sensitive real-time location information of customers, divulging their whereabouts and identities.”

The FCC’s inquiry revealed that the telcos had sold their subscribers’ location data to data aggregators, who subsequently sold it to third-party location service providers. The commission alleges that each carrier attempted to shift its responsibility to obtain customer consent to these downstream buyers, resulting in a lack of valid consent for data sharing.

The FCC’s Enforcement Bureau emphasized that the law “clearly states that carriers cannot absolve their statutory obligations to protect their customers’ CPNI [customer proprietary network information] by delegating such responsibilities to third parties.”

The issue of telecom firms providing customer location data surfaced in 2018 when US Senator Ron Wyden (D-OR) urged then-FCC Chairman Ajit Pai to investigate claims that Securus Technologies had purchased real-time location data from major wireless carriers. Although the FCC under Pai’s leadership concluded in 2020 that the telcos likely violated the law, the consequences remained ambiguous.

Senator Wyden commended the FCC’s decision, asserting, “No cell plan subscriber anticipated their phone company selling a detailed record of their movements to anyone with a credit card. I commend the FCC for pursuing my investigation and holding these companies accountable for endangering customers’ lives and privacy.”

The unauthorized sale of location data not only raises privacy concerns but also has national security ramifications. A recent study by Duke University found that information on US military personnel and their families was available from data brokers for as little as $0.12 per record, underscoring the potential risks associated with such practices.

While the FCC’s action seeks to hold telcos accountable, privacy advocates and legislators are advocating for stronger measures to safeguard consumer data, including a proposed bill to prohibit the US government from purchasing citizens’ information from data brokers.