WASHINGTON, DC — On Friday, the Federal Communications Commission announced its intention to fine the nation’s four largest wireless carriers for selling their customers’ real-time location data to third parties. The fines to be levied against AT&T, Sprint, T-Mobile and Verizon total approximately $207 million, according to Chairman Ajit Pai.
The FCC is taking this action more than a year after press reports found that customer-location data was ending up in the hands of bounty hunters and other unauthorized entities. Location data is among the most sensitive information the carriers possess. In the hands of unscrupulous data brokers, it can be used to compromise the safety and violate the most basic rights of people in the United States.
In June 2019, Free Press, Georgetown Law’s Center on Privacy and Technology and New America’s Open Technology Institute filed a complaint with the FCC calling on the agency to investigate the four providers’ sale of customer-location data. On Thursday, the groups said that the agency’s failure to act in a timely manner left customers at the mercy of powerful companies all too willing to sell out their privacy.
Free Press Senior Policy Counsel Gaurav Laroia made the following statement:
“While we’re pleased to see this FCC take any action at all against the carriers, it’s too little, too late. Press reports surfaced over a year ago that AT&T, Sprint, T-Mobile and Verizon were selling their customers’ real-time location information to data brokers in violation of their duties under the Communications Act. That information was then available on the open market, putting people in real physical danger.
“The carriers have shown an egregious contempt for the law. The Communications Act plainly lists location data as the kind of private information that carriers have a duty to protect and are forbidden to sell without their customers’ permission. Yet the companies showed complete disregard for the law and for our safety in pursuit of a few extra dollars.
“With all the attention devoted to the serious misdeeds of online platforms like Facebook, Twitter and Google, we haven’t paid enough attention to the very real threats the carriers pose to our privacy rights.
“The glaring illegality at the center of this location-sharing scandal makes the FCC’s belated and paltry enforcement action look even weaker. No amount of money can undo the real-world harm that sharing this information with the likes of criminals and bounty hunters has caused. Any fine must be designed to take into full account the damages to potentially millions of people. It must be high enough to deter this behavior in the future and ensure that carriers respect their obligations under the law. Compared to their collective revenues, $207 million is a slap on the wrist amounting to less than one one-thousandth of their annual take. As a fine, it will fail the people these companies harmed and only guarantee that these businesses continue to prioritize their profits over our privacy.”