US fines mobile networks for illegally sharing user location data

30 Apr 2024

Image: © Tada Images/Stock.adobe.com

Sprint and T-Mobile, now both under the T-Mobile brand, face a collective fine of $92m while AT&T faces $57m and Verizon faces $47m.

Some of the biggest mobile network operators in the US, including Verizon and T-Mobile, have been fined nearly $200m for illegally sharing access to customers’ real-time location data without their consent.

The Federal Communications Commission (FCC) said yesterday (29 April) that it has charged Verizon, AT&T, T-Mobile and Sprint (which merged with T-Mobile in 2020) for sharing user location data without taking “reasonable measures” to protect that information against unauthorised disclosure.

“Our communications providers have access to some of the most sensitive information about us. These carriers failed to protect the information entrusted to them,” said FCC chair Jessica Rosenworcel. “Here, we are talking about some of the most sensitive data in their possession: customers’ real-time location information, revealing where they go and who they are.”

Sprint and T-Mobile, now both under the T-Mobile brand, face a collective fine of $92m while AT&T faces $57m and Verizon $47m.

“As we resolve these cases – which were first proposed by the last administration – the Commission remains committed to holding all carriers accountable and making sure they fulfil their obligations to their customers as stewards of this most private data,” Rosenworcel added.

The FCC investigation found that the mobile network operators sold access to real-time customer location data to so-called aggregators, who then resold this access to third-party location-based service providers.

It alleges that the carriers had no valid customer consent to share this data and that they “continued to sell” access to location information without taking reasonable measures to protect it from unauthorised access even after becoming aware that their safeguards were ineffective – breaching US law.

“The protection and use of sensitive personal data such as location information is sacrosanct. When placed in the wrong hands or used for nefarious purposes, it puts all of us at risk,” said Loyaan A Egal, chief of the FCC enforcement bureau and chair of its privacy and data protection task force.

“Foreign adversaries and cybercriminals have prioritised getting their hands on this information, and that is why ensuring service providers have reasonable protections in place to safeguard customer location data and valid consent for its use is of the highest priority for the enforcement bureau.”

Last week, FCC voted to restore its previous net neutrality rules to regulate the broadband sector in the US and prevent internet providers from meddling in broadband speeds.

Rules around net neutrality were introduced during the presidency of Barack Obama, but were reversed during Donald Trump’s presidency.

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.

Vish Gain was a journalist with Silicon Republic

editorial@siliconrepublic.com