US wireless carriers fined millions for sharing customers’ personal data

The US government has issued draconian fines against major wireless carriers AT&T, Sprint, T-Mobile, and Verizon following an investigation revealing the unauthorised sharing of customers’ personal data. The sanctions stem from 2020 allegations by the Federal Communications Commission (FCC) that the carriers had unlawfully shared users’ geolocation histories with third parties, including prisons, as part of their commercial programs. The fines target sharing user location information with data resellers, known as ‘location aggregators,’ who then distribute the data to third-party customers.

AT&T faces a fine of $57 million, while Verizon was fined nearly $47 million. Sprint received a $12 million fine, and T-Mobile was fined $80 million. Despite promises to cease the practice after the issue came to light in 2018, carriers continued for nearly a year or longer, according to the FCC. The investigation, initiated during the Trump administration, revealed that carriers attempted to shift responsibility for obtaining customer consent onto downstream recipients of location information, often resulting in no valid customer consent.

Responding to the fines, all wireless carriers intend to appeal the FCC’s decision. AT&T, Verizon, and T-Mobile assert that the FCC’s order lacks legal and factual merit, with each carrier highlighting its efforts to address the situation and emphasising its commitment to customer privacy. T-Mobile, in particular, discontinued its location data-sharing program five years ago and plans to challenge the decision, stating that the fine is excessive.

The investigation into unauthorised data sharing gained stimulus in 2018 when Oregon Democratic Senator Ron Wyden’s probe revealed that cellphone location information had made its way to Securus, a provider of prison phone services. Wyden commended the FCC for holding the companies accountable and stressed the importance of protecting customer privacy and safety.