$200 Million Fine Against the Nation's Largest Wireless Carriers Is Long Overdue

WASHINGTON — On Monday, the Federal Communications Commission announced nearly $200 million in fines against wireless carriers AT&T, Sprint, T-Mobile and Verizon for illegally sharing location data of their customers without first securing their consent.

According to an FCC announcement, “Sprint and T-Mobile – which have merged since the investigation began – face fines of more than $12 million and $91 million, respectively. AT&T is fined more than $57 million, and Verizon is fined almost $47 million.”

Today’s news confirms a 2020 agency announcement of the FCC’s intention to investigate the carriers’ misconduct and levy these fines. Following a preliminary investigation, the FCC under then-Chairman Ajit Pai found that the large U.S. carriers were selling customers’ real-time location data to third parties.

The FCC today announced that it will send forfeiture orders to the four carriers. This  action is in part a response to a 2019 VICE investigation that found data brokers selling access to these carriers’ customer-location data — information that was accessible to bounty hunters and others who weren’t authorized to possess it. “Even after being made aware of this unauthorized access, all four carriers continued to operate their programs without putting in place reasonable safeguards to ensure that the dozens of location-based service providers with access to their customers’ location information were actually obtaining customer consent,” the FCC said today.

Carriers are obligated under the Communications Act to take reasonable measures to protect their customers’ location data. This includes obtaining affirmative, express customer consent before using, disclosing or allowing access to such information.

Free Press Policy Counsel Jenna Ruddock said:

“Location data is among the most sensitive information carriers like AT&T possess. And in this case, the information these major carriers collect made its way readily to unscrupulous data brokers, bounty hunters and law enforcement, among others. In these hands it can be used to compromise people’s safety and violate their most basic rights. The Communications Act plainly lists location data as the kind of private information that carriers have a duty to protect; they are explicitly forbidden to sell this data without their customers’ permission. Yet the companies have historically shown disregard for the law and our safety as they pursue profits above all else.

“While we’re pleased to see the FCC’s decision to levy fines against these carriers, it took a long time for the agency to follow through on the previous administration’s work. For more than 900 days we had a deadlocked FCC and the agency was contending with other delays the industry engineered. Even the massive fine for this latest data-sharing scandal cannot adequately compensate for the harms inflicted when carriers illegally shared with bad actors the data of millions of customers. Any fine must be high enough to deter this dangerous behavior from continuing. These fines represent a small fraction of these companies’ massive annual profits.

“Wireless carriers are entrusted with some of our most sensitive information. We’re grateful that the Biden FCC has finally followed through on the enforcement action begun under the last administration and taken these violations seriously.”