NEW YORK – The Federal Communications Commission has proposed roughly $200 million in fines combined for the four major U.S. phone companies for improperly disclosing customers’ real-time location.
FCC Chairman Ajit Pai said during a news conference Friday that the fines amounted to $91 million for T-Mobile, $57 million for AT&T, $48 million for Verizon and $12 million for Sprint. More details would be released later Friday. The carriers can object to the proposed fines, which could change. The companies didn’t immediately return calls for comment.
Location data makes it possible to identify the whereabouts of nearly any phone in the U.S. The carriers had apparently allowed outside companies to pinpoint the location of wireless devices without their owners’ knowledge or consent, according to published reports.
Dear passwords:Forget you. Here’s what is going to protect us instead
After word of the fines leaked Thursday, U.S. Sen. Ron Wyden, D-Ore., who had investigated the carriers, said the fines were “comically inadequate” and wouldn’t stop phone companies from abusing Americans’ privacy. He said that big companies “take reckless disregard for Americans’ personal information, knowing they can write off comparatively tiny fines as the cost of doing business.”
In a release Friday, the FCC said the fines were for the carriers “apparently selling access to their customers’ location information without taking reasonable measures to protect against unauthorized access to that information.” It also admonished the carriers for “apparently disclosing their customers’ location information, without their authorization, to a third party.”
Federal law requires that telecommunications carriers protect the confidentiality of some customer data, including location information. The FCC says that carriers must try to protect against unauthorized attempts to gain access to this data and that they or those acting on their behalf must get consent from customers before using it.
One 2018 report showed a prison-communications company called Securus allowing such abuses as letting a sheriff track a judge and others, thanks to information that ultimately came from data broker LocationSmart.
Verizon, AT&T, Sprint and T-Mobile pledged to stop providing information on U.S. phone owners’ locations to LocationSmart, Zumigo and other data brokers later that year. But Congress questioned in early 2019 why sharing by some carriers seemed to have continued, as detailed in a Motherboard report about bounty hunters gaining access to the data in January 2019.
AT&T and T-Mobile said then that they would stop selling all location data from mobile phones to brokers by March 2019.