FCC Fines Verizon, T-Mobile and AT&T $200 Million for Sharing Customer Location Data
The agency issued penalties to the carriers for selling customer data to third parties without consent.
The Federal Communications Commission has fined AT&T, Verizon, T-Mobile and Sprint a combined $200 million in penalties for illegally sharing access to customer location data without their consent.
The FCC brought the claim against the US carriers in 2020 and is serving the fined judgment now. The agency stated that the carriers sold access to customers' location data to aggregators, which in turn sold that information to third parties, and in doing so "attempted to offload its obligations to obtain customer consent onto downstream recipients of location information" which meant that valid customer consent wasn't obtained in some cases, an FCC press release (PDF) stated Monday.
"These carriers failed to protect the information entrusted to them. Here, we are talking about some of the most sensitive data in their possession: customers' real-time location information, revealing where they go and who they are," said FCC Chairwoman Jessica Rosenworcel.
These cases were brought up during the last administration, Rosenworcel pointed out, and cover incidents from years ago. AT&T was fined $57 million, while Verizon was fined $46 million. Sprint, which merged with T-Mobile in 2020, was fined $12 million; T-Mobile itself was fined $80 million.
Read more: All the Ways Your Cellphone Carrier Tracks You and How to Stop It
The carriers have pushed back on the agency's case and the fine amounts, with AT&T decrying that the FCC calculated its fines without a hearing or citing a specific example in which its customers' data was unlawfully shared. The carriers noted that the agency's order concerns a customer location-sharing program to support services like roadside assistance and medical alerts that was shut down over five years ago, and it required opt-in customer consent.
Both AT&T and Verizon acknowledged a single related incident of fraud wherein "one bad actor" got unauthorized access to a very small number of customers' location data, which the carriers responded to by cutting off access and bolstering protections.
"The order penalizes us for trying to maintain valued consumer services offered by companies with absolutely no track record of misconduct and ignores that we took immediate steps to address the failures of one bad apple," said Alex Byers, AT&T's director of communications and PR.
T-Mobile, AT&T and Verizon plan to appeal the fines.
The FCC noted in its press release that this investigation was kicked off by public reports that US carriers were sharing customer location information without consent to a Missouri sheriff via third-party data vendor Securus, which provides services to correctional facilities.