The Federal Communications Commission is fining the largest US mobile carriers a combined nearly $200 million for allegedly illegally sharing customers’ location data without their consent.
The FCC says it found the carriers “sold access to its customers’ location information to ‘aggregators,’ who then resold access to such information to third-party location-based service providers.” The agency says the carriers effectively “attempted to offload” their responsibility to get customers’ consent to share their location data with “downstream recipients.” Even after being made aware of the issue, the FCC claims, the carriers still failed to limit access to the information.
The fines vary across carriers. T-Mobile faces the largest at $80 million. Sprint, which merged with T-Mobile since the investigation began, faces a $12 million fine. AT&T faces the second-largest fine at roughly $57 million, followed by Verizon at around $47 million. T-Mobile’s and Verizon’s fines are actually lower than what was initially proposed by the agency based on their responses to the FCC’s original notice.
The FCC opened the investigation after it was publicly reported on by various outlets. Tech journalist Joseph Cox wrote about the issue in 2019 for Motherboard. While plans for the FCC fine were reported back in 2020, the final call was stalled by a prolonged deadlock at the agency as it awaited a fifth commissioner’s confirmation, according to The Wall Street Journal.
AT&T spokesperson Alex Byers said the FCC’s action “lacks both legal and factual merit. It unfairly holds us responsible for another company’s violation of our contractual requirements to obtain consent, ignores the immediate steps we took to address that company’s failures, and perversely punishes us for supporting life-saving location services like emergency medical alerts and roadside assistance that the FCC itself previously encouraged. We expect to appeal the order after conducting a legal review.”
Verizon spokesperson Richard Young said that the company took swift action when “one bad actor gained unauthorized access to information relating to a very small number of customers.” He said the central issue involves “an old program that Verizon shut down more than half a decade ago.” Young added that the FCC order “gets it wrong on both the facts and the law, and we plan to appeal this decision.”
T-Mobile declined to provide an on-the-record response.