Largest wireless carriers fined nearly $200 million for illegally sharing location data

The Federal Communications Commission on Monday fined the largest U.S. wireless carriers nearly $200 million for illegally sharing access to customers’ location information.

The FCC is finalizing fines first proposed in February 2020, including $80 million for T-Mobile; $12 million for Sprint, which T-Mobile has since acquired; $57 million for AT&T, and nearly $47 million for Verizon Communications.

The carriers sold “real-time location information to data aggregators, allowing this highly sensitive data to wind up in the hands of bail-bond companies, bounty hunters, and other shady actors,” FCC Chair Jessica Rosenworcel said in a statement.

The wireless carriers said they plan to challenge the fines.

Carriers have allowed the use of location-data for programs like roadside assistance, logistics, medical emergency alert services, human trafficking alerts and fraud prevention.

“Smartphones are always with us, and as a result these devices know where we are at any given moment,” Rosenworcel said. Citing the sensitivity of geolocation data, she added, “In the wrong hands, it can provide those who wish to do us harm the ability to locate us with pinpoint accuracy.”

T-Mobile said the FCC “decision is wrong, and the fine is excessive. We intend to challenge it.”

T-Mobile said the “industry-wide third-party aggregator location-based services program was discontinued more than five years ago after we took steps to ensure that critical services like roadside assistance, fraud protection and emergency response would not be disrupted.”

Verizon said it has worked to protect customers: When “one bad actor gained unauthorized access to information relating to a very small number of customers, we quickly and proactively cut off the fraudster, shut down the program, and worked to ensure this couldn’t happen again.”

AT&T criticized the order as lacking “both legal and factual merit. It unfairly holds us responsible for another company’s violation of our contractual requirements to obtain consent, ignores the immediate steps we took to address that company’s failures, and perversely punishes us for supporting life-saving location services.”

The FCC said carriers relied on contract-based assurances that service providers would obtain consent from carriers’ customers before accessing location information.

Lawmakers in 2019 expressed outrage that aggregators were able to buy user data from wireless carriers and sell “location-based services to a wide variety of companies” and others, including bounty hunters.

—David Shepardson, Reuters

https://www.fastcompany.com/91115277/largest-wireless-carriers-fined-nearly-200-million-for-illegally-sharing-location-data?partner=rss&utm_source=rss&utm_medium=feed&utm_campaign=rss+fastcompany&utm_content=rss