All four major U.S. wireless carriers face proposed FCC wireless consumer protection fines that total more than $200 million and involve customer location data.
According to the complaint announced today, the carriers apparently disclosed customer location information without their consent and continued to sell access to that information without “reasonable” safeguards.
The carriers had several commonsense options to impose reasonable safeguards (such as verifying consent directly with customers via text message or app) but failed to take the reasonable steps needed to protect customers from unreasonable risk of unauthorized disclosure, according to the FCC.
Specific fines include:
- T-Mobile faces a proposed fine of more than $91 million
- AT&T faces a proposed fine of more than $57 million
- Verizon faces a proposed fine of more than $48 million
- Sprint faces a proposed fine of more than $12 million.
FCC Wireless Consumer Protection Fines
According to the FCC, all four carriers sold access to their customers’ location information to “aggregators,” who then resold access to such information to third-party location-based service providers. The exact practices varied, but each carrier relied heavily on contract-based assurances that the location-based services providers (acting on the carriers’ behalf) would obtain consent from the wireless carrier’s customer before accessing that customer’s location information. All four carriers apparently continued to sell access to their customers’ location data without putting in place reasonable safeguards to ensure that the dozens of location-based services providers acting on their behalf were actually obtaining consumer consent.
“American consumers take their wireless phones with them wherever they go. And information about a wireless customer’s location is highly personal and sensitive, said FCC Chairman Ajit Pai in a prepared statement in a press release about the proposed FCC wireless consumer protection fines. “The FCC has long had clear rules on the books requiring all phone companies to protect their customers’ personal information. And since 2007, these companies have been on notice that they must take reasonable precautions to safeguard this data and that the FCC will take strong enforcement action if they don’t. This FCC will not tolerate phone companies putting Americans’ privacy at risk.”
FCC enforcements actions recently had centered around enforcing robocall rules, as Telecompetitor reported.