On April 29, the Federal Communications Commission (FCC) fined the some of the largest wireless carriers in the United States for illegally sharing access to customers’ location without their consent and failing to adequately safeguard that information against unauthorised disclosure. The fines, which total nearly $200 million, have been levied against four companies – Sprint, T-Mobile, AT&T and Verizon, announced yesterday in an official press release. T-mobile has been fined more than $80 million, while Sprint (which merged with T-Mobile after the investigation began) faces a fine of over $12 million. AT&T is fined more than $57 million, and Verizon is fined almost $47 million.
This development is the result of an FCC Enforcement Division investigation, which began after public reports that the location information of customers was being shared by these companies, without consent, to a Missouri sheriff through Securus, a provider of communications services to correctional facilities, to track the location of numerous individuals.
How customers’ location data was made available to third-parties?
The investigations revealed that each carrier sold access to its customers’ location information to data aggregators who then resold access to such information to third-party location-based service providers. In doing so, the carriers attempted to shirk their responsibilities of obtaining consumer consent onto downstream third-parties, which in many instances meant that no valid customer consent was ever obtained. As a 2020 press release stated, each carrier relied on assurances that service providers like Securus would obtain consent from the wireless carrier’s customer before accessing that customer’s location information. However, as the sheriff was able to access the user data of hundreds of people without any consent, it was clear that the carriers’ existing measures to safeguard this data were inadequate. Despite this, the carriers continued to sell access to user locations even after becoming aware that their safeguards were ineffective and did not implement any new safeguards.
FCC Chairwoman Jessica Rosenworcel said, “Our communications providers have access to some of the most sensitive information about us. These carriers failed to protect the information entrusted to them. Here, we are talking about some of the most sensitive data in their possession: customers’ real-time location information, revealing where they go and who they are. As we resolve these cases – which were first proposed by the last Administration – the Commission remains committed to holding all carriers accountable and making sure they fulfill their obligations to their customers as stewards of this most private data.”
STAY ON TOP OF TECH NEWS: Our daily newsletter with the top story of the day from MediaNama, delivered to your inbox before 9 AM. Click here to sign up today!
Also Read: