While making plans to fill US coffers with billions from midband spectrum auctions, the FCC could pile on another $208 million more in the form of fines against the US's four largest mobile carriers over alleged user data violations.
The FCC is proposing fines in excess of $208 million against T-Mobile ($91 million), AT&T ($57 million), Verizon ($48 million) and Sprint ($12 million), on allegations that they violated rules that require carriers or those acting on their behalf to "obtain affirmative, express consent from a customer before using, disclosing, or allowing access to this data."
The allegations and proposed sanctions are not final Commission actions, as the mobile operators still have a chance to respond and put forth a defense before the issue is put to rest.
The FCC is proposing the fines over allegations that the carriers failed to adequately protect consumer location data by disclosing location information without consent and then continuing to sell access to that data "without reasonable safeguards."
The FCC said all four carriers sold access to customer location data to various aggregators that then resold access to such information to third-party location-based service providers.
The FCC noted that its Enforcement Bureau opened the investigation in the wake of reports that a Missouri Sheriff, Cory Hutcheson, used a "location-finding service" operated by Securus, a provider of communications services to correctional facilities, to access the location information of the wireless carriers' customers without their consent between 2014 and 2017. In some cases, Hutcheson provided Securus with irrelevant documents (like his health insurance policy, auto insurance policy and pages from Sheriff training manuals) as evidence of his authorization to access wireless customer location data, the FCC said.
"Since 2007, these companies have been on notice that they must take reasonable precautions to safeguard this data and that the FCC will take strong enforcement action if they don't. Today we do just that," FCC Chairman Ajit Pai said in a statement. "This FCC will not tolerate phone companies putting Americans' privacy at risk."
The proposal arrives weeks after Pai announced that multiple US wireless carriers violated federal law in their sale of customer location data, but didn't name them. The FCC was facing criticism that it was slow to act upon allegations of consumer data usage violations by US mobile service providers.
Advocacy group Free Press called today's action "too little, too late" and a "slap on the wrist," noting that the announcement comes more than a year after reports discovered that customer-location data was put in the hands of people who could use it for harm. "That information was then available on the open market, putting people in real physical danger," the group said in a statement.
- US Wireless Carriers Violated Federal Law in Sale of Location Data, FCC Says
- Democrats Press FCC on Carriers' Sale of User Location Data
- FCC OKs midband moves for 5G
— Jeff Baumgartner, Senior Editor, Light Reading