FCC Proposes Over $200M in Fines for Wireless Location Data Violations
The Federal Communications Commission proposed fines against the nation’s four largest wireless carriers for apparently selling access to their customers’ location information without taking reasonable measures to protect against unauthorized access to that information. As a result, T-Mobile faces a proposed fine of more than $91 million; AT&T faces a proposed fine of more than $57 million; Verizon faces a proposed fine of more than $48 million; and Sprint faces a proposed fine of more than $12 million. The FCC also admonished these carriers for apparently disclosing their customers’ location information, without their authorization, to a third party.
The FCC’s Enforcement Bureau opened this investigation following public reports that a Missouri Sheriff, Cory Hutcheson, used a “location-finding service” operated by Securus, a provider of communications services to correctional facilities, to access the location information of the wireless carriers’ customers without their consent between 2014 and 2017. In some cases, Hutcheson provided Securus with irrelevant documents like his health insurance policy, his auto insurance policy, and pages from Sheriff training manuals as evidence of his authorization to access wireless customer location data.
All four carriers mentioned above sold access to their customers’ location information to “aggregators,” who then resold access to such information to third-party location-based service providers (like Securus). Although their exact practices varied, each carrier relied heavily on contract-based assurances that the location-based services providers (acting on the carriers’ behalf) would obtain consent from the wireless carrier’s customer before accessing that customer’s location information. Although the carriers had several commonsense options to impose reasonable safeguards (such as verifying consent directly with customers via text message or app), the carriers apparently failed to take the reasonable steps needed to protect customers from unreasonable risk of unauthorized disclosure. The size of the proposed fines for the four wireless carriers differs based on the length of time each carrier apparently continued to sell access to its customer location information without reasonable safeguards and the number of entities to which each carrier continued to sell such access.
- FCC Proposes $91.6M Fine against T-Mobile in Location Information Case
- FCC Proposes $57.2M Fine against AT&T in Location Information Case
- FCC Proposes $48.3M Fine against Verizon in Location Information Case
- FCC Proposes $12.2M Fine against Sprint in Location Information Case
FCC Proposes Over $200M in Fines for Wireless Location Data Violations FCC proposes roughly $200 million in fines against wireless carriers for mishandling customers’ location data (Washington Post) T-Mobile Gets the Fine Crown in Proposed FCC Wireless Carrier Consumer Protection Fines Totaling $200 Million (telecompetitor) FCC issues wrist-slap fines to carriers that sold your phone-location data (ars technica)