The Federal Communications Commission (FCC) has levied a hefty fine of nearly $200 million on the four largest wireless carriers in the US– AT&T, Verizon, T-Mobile (including its subsidiary Sprint) – for illegally sharing customers’ location data. This action, announced in February 2020 and finalized today, marks the culmination of a multi-year investigation that exposed a widespread practice with serious implications for user privacy.
Four years ago, the FCC initiated an investigation following allegations that major wireless carriers, including AT&T, Sprint, T-Mobile, and Verizon, had unlawfully shared customers’ geolocation data to “location aggregators” without their consent. This data, in turn, was passed onto their own third-party customers. The FCC alleges that this practice resulted in user location data falling “into the hands of bail-bond companies, bounty hunters, and other shadowy actors,” as stated by FCC Chair Jessica Rosenworcel. And from the looks of it, the carriers, according to the investigation, failed to obtain explicit permission from their customers before sharing their location data.
The four wireless carriers at the center of the FCC’s investigation – AT&T, Verizon, T-Mobile (including its subsidiary Sprint which merged in 2020) – represent the dominant players in the US mobile landscape. These companies currently control a vast majority of the market share. With their extensive network coverage, diverse service plans, and brand recognition, they cater to millions of American subscribers – which is why the findings of the investigation are all the more concerning. User location data is a highly sensitive piece of information, capable of revealing a detailed picture of an individual’s movements and routines. With this data in the hands of unauthorized third parties, users could potentially be tracked, stalked, or even targeted for scams or harassment.
“Our communications providers have access to some of the most sensitive information about us. These carriers failed to protect the information entrusted to them. Here, we are talking about some of the most sensitive data in their possession: customers’ real-time location information, revealing where they go and who they are,” Rosenworcel said. “As we resolve these cases – which were first proposed by the last Administration – the Commission remains committed to holding all carriers accountable and making sure they fulfill their obligations to their customers as stewards of this most private data.”
In response to the investigation’s findings, the FCC imposed significant fines totaling $200 million on the four major wireless carriers. T-Mobile faced the highest penalty of $80 million, followed by AT&T with a financial penalty of $57 million. Next comes Verizon, which was hit with a fine of nearly $47 million, and is followed by Sprint and its fine of $12 million.
For their part, all four wireless carriers expressed their intention to appeal the FCC’s decision. AT&T, Verizon, T-Mobile, and Sprint denounced the fines as unjust and contested the legal and factual basis of the FCC’s findings. AT&T, in its statement, criticized the FCC order for “perversely punishing” them for supporting “life-saving location services.” Similarly, T-Mobile called the fine “excessive” and revealed that the program in question had been discontinued entirely over five years ago. The FCC decision “is wrong, and the fine is excessive. We intend to challenge it,” a spokesperson for T-Mobile commented on the matter.
