FCC Fines AT&T, Sprint, T-Mobile, and Verizon Nearly $200 Million for Illegally Sharing Access to Customers' Location Data

The Federal Communications Commission fined the nation’s largest wireless carriers for illegally sharing access to customers’ location information without consent and without taking reasonable measures to protect that information against unauthorized disclosure. Sprint and T-Mobile—which have merged since the investigation began—face fines of more than $12 million and $80 million, respectively.  AT&T is fined more than $57 million, and Verizon is fined almost $47 million. The FCC Enforcement Bureau investigations of the four carriers found that each carrier sold access to its customers’ location information to “aggregators,” who then resold access to such information to third-party location-based service providers. In doing so, each carrier attempted to offload its obligations to obtain customer consent onto downstream recipients of location information, which in many instances meant that no valid customer consent was obtained. This initial failure was compounded when, after becoming aware that their safeguards were ineffective, the carriers continued to sell access to location information without taking reasonable measures to protect it from unauthorized access. Under the law, including section 222 of the Communications Act, carriers are required to take reasonable measures to protect certain customer information, including location information. Carriers are also required to maintain the confidentiality of such customer information and to obtain affirmative, express customer consent before using, disclosing, or allowing access to such information. These obligations apply equally when carriers share customer information with third parties.