AT&T, Sprint, T-Mobile, and Verizon Fined for Failing to Protect Our Location Data

May 31, 2024

Most Americans know their smart devices are tracking them. They know their location data has been increasingly used for marketing purposes with little regulation and without their consent. But last month, the Federal Communications Commission (FCC) took decisive action to safeguard consumer privacy. The agency fined AT&T, Sprint, T-Mobile, and Verizon nearly $200 million for illegally sharing customers’ location data without consent, sending a signal that violating consumer privacy will not be tolerated.

Photo by Chris Yang on Unsplash

The FCC found the carriers to be committing not just minor infractions, but of failing to safeguard our most personal data. Carriers were found to be illegally sharing access to customers’ real-time location information to “aggregators,” which act as intermediaries between the carriers and various third-party location-based service providers.

Under current laws regulating wireless carriers, companies must obtain consent directly from customers to share location information. However, the primary carriers facing fines shared the data anyway, putting the responsibility of consent on the aggregators who then sold the data to third-party providers. In many instances, the third parties also aggregators also failed to get consent, resulting in a chain of nonconsensual data sharing from the carriers to the aggregators to the service providers. After learning of the problem, the carriers continued these practices, the FCC noted in its complaint.

This enforcement action follows an investigation into a Missouri sheriff using a location-based telecommunication service provider, Securus, to illegally trace the calls of judges and other law enforcement officers.

Luckily for us, the FCC has been taking steps to increase privacy safeguards. Already, the Customer Proprietary Network Information (part of the Telecommunications Act of 1996), establishes what types of data carriers can collect about customers’ phone activity and restricts their ability to use or grant access to outside parties with few exceptions. In March, that went a step further with the FCC issuing a new rule on data breaching and reporting requirements, emphasizing the critical importance of keeping medical, religious beliefs, personal association, and other aspects of an individual’s private life private.

State-level enforcement on location-related privacy violations has also ramped up in recent years. In September 2023, the California State Attorney General fined Google $93 million for improperly storing and using customer data for advertising purposes without their consent.

As digital privacy becomes increasingly paramount to consumer safety, this case not only serves as a warning to service providers, it underscores the urgent need for more stringent measures to protect sensitive information. The hefty fines—$57 million for AT&T, $80 million for T-Mobile, $47 million for Verizon, and $12 million for Sprint—send a clear message that unauthorized sharing of consumer data will not be tolerated.

Get more details of the cases in Violation Tracker.