FCC Fines Wireless Carriers for Mishandling Customer Location Data

The FCC ruled that the four largest carriers didn't do enough to protect customer location data from unauthorized access in the wake of a 2018 data-sharing scandal.

James Anderson, Senior News Editor

April 29, 2024

3 Min Read
FCC fines wireless carriers
Andrey_Popov/Shutterstock

The Federal Communications Commission is doling out almost $200 million in fines to the largest mobile carriers in the U.S. for giving customers’ location information to unauthorized third parties.

The FCC is fining T-Mobile, Sprint, AT&T and Verizon for selling customer location data to information location aggregators, which then resold the data to other third parties. According to the FCC, many of these third parties had not obtained valid customer consent. The FCC stated that the offending wireless carriers "attempted to offload [their] obligations to obtain customer consent onto downstream recipients of location information."

FCC Fines Wireless Carriers

The four companies received notices of apparent liability from the FCC in 2020, in which the agency said it intended to fine them. Following a lengthy review of the charges, the FCC issued forfeiture orders to all four companies on Monday.

T-Mobile's tab added up to $80 million, not including the $12 million that now-acquired Sprint tallied in fines. T-Mobile managed to get more than $11.5 million knocked off its fine since 2020, after demonstrating that a smaller number of continuing violations had occurred in its location-based services (LBS) program.

AT&T and Verizon are paying fines of $57 million and $47 million, respectively. The Commission noted that it reduced Verizon's fine by more than $1.4 million after Verizon demonstrated that two of the companies it sold location data to did not actually participate its LBS.

What the Carriers Did

The forfeiture orders indicate that all four carriers were working with aggregators, which bought and resold customer location data. All of the carriers used LocationSmart and Zumigo, as well as dozens of others.

The carriers' LBS programs came under scrutiny when the New York Times reported on illegal location tracking by a Missouri sheriff. He had pulled data from Securus, a communications platform prisons use for inmates' phone and video calls. Securus ran LBS software using customer location data from the wireless carriers. The sheriff illegally pulled data from Securus software to spy on multiple people. Moreover, the FCC learned that the carriers automatically registered these information requests as "approved use cases."

The FCC said the carriers failed to implement reasonable safeguards following the 2018 article.

FCC Commissioner Brendan Carr dissented from the forfeiture orders, although he had voted in favor of the notices of apparent liability in 2020. He argued for the federal trade commission (FTC) to be the agency to enforce the findings of the FCC.

"FCC orders rest on a newfound definition of customer proprietary network information (CPNI) that finds no support in the Communications Act or FCC precedent," Carr wrote. "And without providing advance notice of the new legal duties expected of carriers (to the extent we could adopt those new duties at all), the FCC retroactively announces eye-popping forfeitures totaling nearly $200 million."

FCC Chairwoman Jessica Rosenworcel said the carriers "failed" to protect customer information.

Rosenworcel-Jessica_FCC.jpg

"Here, we are talking about some of the most sensitive data in their possession: customers’ real-time location information, revealing where they go and who they are,” Rosenworcel said. “As we resolve these cases – which were first proposed by the last administration – the Commission remains committed to holding all carriers accountable and making sure they fulfill their obligations to their customers as stewards of this most private data."

The FCC is on a bit of a roll, having last week restored net neutrality and banned Chinese broadband providers.

Read more about:

Agents

About the Author

James Anderson

Senior News Editor, Channel Futures

James Anderson is a senior news editor for Channel Futures. He interned with Informa while working toward his degree in journalism from Arizona State University, then joined the company after graduating. He writes about SD-WAN, telecom and cablecos, technology services distributors and carriers. He has served as a moderator for multiple panels at Channel Partners events.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like