FCC fines U.S. carriers over sale of customer location data, T-Mobile faces $91 million fine


As expected, the FCC has officially proposed fines against T-Mobile and the other major U.S. carriers over the sale of customer location data.

The FCC announced today that T-Mobile, Sprint, AT&T, and Verizon will all face fines for “apparently selling access to their customers’ location information without taking reasonable measures to protect against unauthorized access to that information.”

T-Mobile is facing the largest fine of the four carriers with a proposed fine of more than $91 million. AT&T is being fined more than $57 million, Verizon is facing a fine of more than $48 million, and Sprint’s fine is more than $12 million. In total, the four carriers are being fined more than $208 million.

FCC Chairman Ajit Pai said that his agency has had “clear rules” about requiring phone companies to protect their customers’ personal information and that, since 2007, the companies have been on notice that they must take reasonable steps to protect this data or face enforcement. “This FCC will not tolerate phone companies putting Americans’ privacy at risk,” Pai added.

The FCC began investigating the carriers following reports that Missouri Sheriff Cory Hutcheson used a “location-finding service” from Securus to access the location of wireless carriers’ customers without their consent between 2014 and 2017. All four major U.S. carriers sold access to their customers’ location info to aggregators who then resold that info to third-party location-based services like Securus, the FCC says.

Each carrier relied on contract-based assurances that these aggregators would obtain consent from the customers before accessing their location, but Hutcheson’s unauthorized access of hundreds of customers’ location data “made clear that the carriers’ existing measures to safeguard this data were inadequate,” explains the FCC.

“Yet all four carriers apparently continued to sell access to their customers’ location information without putting in place reasonable safeguards to ensure that the dozens of location-based service providers acting on their behalf were actually obtaining consumer consent.”

All four carriers will now have a chance to respond to the FCC’s proposed fines and the FCC will consider these arguments before taking any further action. I asked T-Mobile for a statement on the FCC’s fine and received the following statement:

“We take the privacy and security of our customers’ data very seriously. When we learned that our location aggregator program was being abused by bad actor third parties, we took quick action. We were the first wireless provider to commit to ending the program and terminated it in February 2019 after first ensuring that valid and important services were not adversely impacted. While we strongly support the FCC’s commitment to consumer protection, we fully intend to dispute the conclusions of this NAL and the associated fine.”

Source: FCC

Tags: , , , , , ,

  • Shaun Michalak

    I would like to know how they came up with these amounts.. Was it based on number of infractions, or by time, or was there some kind of discrimination at play?? Since the main time frame mentioned started in 2014, T-Mobile really did not have many customers back then.. When you think about it, AT&T and Verizon both had 2 to 3 times the number of customers that T-Mobile has now, yet T-Mobile is being fined almost twice as much as the other 2?? The time frames are even between all of them on when they allowed this to happen.. So why is T-Mobile fines soo much more then the other big 2?

    • Ben

      Perhaps T-Mobile’s infraction was the most egregious of them all. This seems like a slap on the wrist instead of punitive.
      My question is since it was OUR information they sold, will we get a share of the proceeds?

      • dcmanryan

        Nope. The government will fine them and roll in their dollar bills while you were the one violated.

      • Joke’s on us: “Yo, your data really isn’t worth anything”

      • Shaun Michalak

        I doubt it.. But since it was a per basis thing, most likely, most of the people that were being tracked, were people being looked for by law enforcement, bounty hunters, repo people, etc.. So me and you probably are not even in that list of people that their info was sold..

      • MissedCall

        Pai worked at Verizon from 2001 to 2003.