Apr 30, 2024 10:53:00

The FCC fined T-Mobile and other major carriers a total of $200 million for illegally sharing users' location data

The Federal Communications Commission (FCC) has fined major telecommunications carriers AT&T, Sprint, T-Mobile, and Verizon a total of approximately $200 million (approximately 31.34 billion yen) for sharing customer location information with third parties without permission.

FCC FINES AT&T, SPRINT, T-MOBILE, AND VERIZON NEARLY $200 MILLION FOR ILLEGAL SHARING ACCESS TO CUSTOMERS' LOCATION DATA
(PDF file)

https://docs.fcc.gov/public/attachments/DOC-402213A1.pdf

FCC fines AT&T, Sprint, T-Mobile, and Verizon nearly $200 million for illegally sharing location data - The Verge
https://www.theverge.com/2024/4/29/24144599/fcc-fine-att-sprint-verizon-t-mobile-location-data

FCC fines big three carriers $196M for selling users' real-time location data | Ars Technica
https://arstechnica.com/tech-policy/2024/04/fcc-fines-big-three-carriers-196m-for-selling-users-real-time-location-data/

AT&T, Verizon, Sprint, T-Mobile US fined for privacy woe • The Register
https://www.theregister.com/2024/04/29/fcc_telecom_fines/

According to the FCC, the carriers fined this time shared their customers' location data without their consent with aggregators , who then resold the data to other location-related businesses.

The fines vary by carrier, with T-Mobile paying $80 million, AT&T paying $57 million, Verizon paying $47 million, and Sprint paying $12 million.

According to the FCC's investigation, AT&T shared data with 88 third-party carriers, Sprint with 86, T-Mobile with 75, and Verizon with 67. The FCC strongly criticized the carriers, saying, 'The fact that they sold information to aggregators, who then resold it to third-party carriers, represents an attempt by the carriers to shift liability downstream.'

The issue first came to light in 2018, when it was discovered that

Securus , a service that helps connect people incarcerated in correctional and criminal facilities, had disclosed customer location information it received from telecommunications carriers to state sheriffs.

'Our findings show that the nation's largest telecommunications carriers are selling our real-time location data to aggregators, making it available to bail bondsmen, bounty hunters, and other shady actors. This egregious practice violates the law, particularly Section 222 of the Communications Act, which protects the privacy of consumer data,' FCC Chairman Jessica Rosenworcel said in 2018, and called on the carriers to do just that.

However, all four of the fined carriers continued their location-sharing programs without putting in place safeguards to ensure that operators with access to the data had customer consent.

In response to this decision, AT&T argued that the program in question ended in 2019 and that the FCC's decision was incorrect. Veriton and T-Mobile also disagreed with the decision and indicated they would appeal. Sprint merged with T-Mobile after the FCC's investigation began.

'The information sharing was intended to support services like vehicle accident compensation and medical reporting,' said Veriton spokesman Rich Young. 'In this case, we discovered that a single bad actor had gained unauthorized access to that information, and we have taken steps to end the program and ensure that this never happens again. The FCC's decision is contrary to the facts and the law, and we plan to fight it in court.'