Cellphone Carriers May Face $200 Million in Fines for Selling Location Data

The Federal Communications Commission is set to propose about $200 million in fines against four major cellphone carriers for selling customers’ real-time location data, according to three people briefed on the discussions.

The penalties would be some of the largest the agency has imposed in decades and represent the first action it has taken on the issue, though privacy advocates and critics in Congress say even that response is inadequate. The amount is not final, and the companies — AT&T, Sprint, T-Mobile and Verizon — will have the opportunity to respond and argue against the fines.

The trade in location data has emerged as a sensitive privacy issue because it affects hundreds of millions of people and can reveal intimate details about their lives, including personal relationships and visits to doctors. “It puts the safety and privacy of every American with a wireless phone at risk,” Jessica Rosenworcel, a Democratic commissioner at the F.C.C., said in a statement last month about the agency’s investigation.

Sale of the data is widespread among app makers and other technology companies, but the telecommunications sector is subject to more stringent laws protecting customers’ confidentiality.

But the companies did not always obey those contracts and the carriers had little way of enforcing them, allowing troves of personal information to be used in ways consumers had never intended. The F.C.C. found that the cellphone companies had broken federal law by being negligent with the data.

After the 2018 article and questions from lawmakers, the carriers pledged publicly to limit sales of the data, saying they would wind down their existing contracts with location aggregators. But a report in 2019 showed the data was still available to bounty hunters and others.

Later that year, the companies said in response to questions from an F.C.C. commissioner that they had stopped the practice.

The continued sale of data was the impetus behind the penalties, which amount to tens of millions of dollars for each carrier, people familiar with the matter said. The F.C.C. is fining companies based on the number of days they allowed the data access to continue.

“I am committed to ensuring that all entities subject to our jurisdiction comply” with the law and the F.C.C.’s rules, Mr. Pai said in his letter to lawmakers.

But the time between the initial 2018 report and the proposed penalties, and the expected size of the fines, has raised the ire of privacy hawks. One Democratic commissioner, Geoffrey Starks, wrote an opinion piece in The Times last year complaining that “nearly a year after the news first broke, the commission has yet to issue an enforcement action or fine those responsible.”

Senator Ron Wyden, an Oregon Democrat who has repeatedly pressured the companies and the F.C.C. over the data sharing, said in a statement on Thursday that the chairman “only investigated after public pressure mounted,” adding that the fines were “comically inadequate” to deter future privacy violations.

Be the first to comment

Leave a Reply

Your email address will not be published.