Governance & Risk Management
,
Privacy
,
Standards, Regulations & Compliance
Commission Approves Long-Anticipated Fines for Verizon, T-Mobile, AT&T and Sprint
The Federal Communications Commission announced Monday that it has approved long-anticipated fines against the largest U.S. cellular companies for selling customers’ location information to third parties and failing to protect that data from privacy violations.
See Also: EU-US Data Privacy Framework: Your Questions Answered
The commission approved $91 million in fines for T-Mobile, $57 million for AT&T, $48 million for Verizon and $12 million for Sprint, which T-Mobile acquired in 2020. The fines were first proposed in 2020, after lawmakers called on the FCC to investigate the apparent abuse of location data.
“No one who signed up for a cell plan thought they were giving permission for their phone company to sell a detailed record of their movements to anyone with a credit card,” Sen. Ron Wyden, D-Ore., said in a statement following the FCC’s announcement. Wyden flagged the practice in 2018, when he sent a letter to then-FCC Chairman Ajit Pai urging the commission to investigate what consent requirements cellphone providers implement to provide third parties with customer location information and other data.
The nearly $200 million in fines come after the FCC’s enforcement bureau launched investigations into the four carriers and found that each sold access to its customers’ location information to “aggregators” who then resold that information to third-party location-based service providers, according to a statement. Federal law requires wireless carriers to take reasonable measures to keep certain customer data – including location information – secure.
“Our communications providers have access to some of the most sensitive information about us,” FCC Chairwoman Jessica Rosenworcel said in the statement. “These carriers failed to protect the information entrusted to them.”
Rosenworcel also said that the cases against the major cellular providers “were first proposed by the last administration” but that the FCC “remains committed to holding all carriers accountable.”
The FCC’s investigations found that the four major cellular providers continued to operate location information-sharing programs with third parties even after being made aware of unauthorized access to their users’ data. The statement also says the providers continued the practice “without putting in place reasonable safeguards to ensure that the dozens of location-based service providers with access to their customers’ location information were actually obtaining customer consent.”
All four of the companies criticized the approval and said they planned to contest the charges, Reuters reported. In a statement sent to Information Security Media Group, an AT&T spokesperson said the fines lack “both legal and factual merit.”
The order “unfairly holds us responsible for another company’s violation of our contractual requirements to obtain consent” and “perversely punishes us for supporting life-saving location services,” the spokesperson said.
Verizon, T-Mobile and Sprint did not immediately return requests for comment.