The Federal Communications Commission is seeking hundreds of millions of dollars in fines from the country’s top cellphone carriers after officials found the companies failed to safeguard information about customers’ real-time locations, according to people familiar with the matter.
The telecommunications regulator in recent weeks informed AT&T Inc., Sprint Corp., T-Mobile US Inc. and Verizon Communications Inc. of pending notices of apparent liability, the people said. Such notices aren’t final, and the companies can still argue they aren’t liable or should pay less. It would ultimately fall on the U.S. Justice Department to collect any penalties.
The proposed fines, which could total more than $200 million, are expected to be announced Friday, one of the people said. Last month, FCC chairman Ajit Pai notified members of Congress that an agency investigation had concluded that “one or more” carriers had apparently violated federal law by disclosing real-time location data.
The FCC moved after some of the carriers had continued sharing their subscribers’ coordinates even after they told members of Congress they were cutting off the middlemen companies from using their data feeds. Verizon has said it stopped sharing cellular location data in 2018. AT&T and T-Mobile said in early 2019 that they were cutting off some location data sharing.
The top U.S. wireless providers agreed to curb their data sharing after independent reporting found data aggregators were misusing feeds that provided subscribers’ real-time locations. Upon request, the carriers would pinpoint specific subscribers and share the result with middlemen companies, which then shared the information with hundreds of other businesses.
Some privacy advocates criticized the FCC action as overdue.
“Consumers have no choice but to share highly private information with a provider about everywhere they go” to obtain cellular service, said Laura Moy, associate director at the Center on Privacy & Technology at Georgetown Law. “Carriers are not allowed to turn around and sell that location information to anyone with a phone number and a few dollars to spend. But this has been a widespread practice, and the FCC has been slow to rein it in.”
Sen. Ron Wyden (D., Ore.), who wrote to carriers in 2018 after the location-sharing partnerships were revealed to ask about their data privacy practices, called the proposed fines inadequate. He said in a tweet that strong privacy legislation was needed.
Cellphone companies need to know their subscribers’ coordinates to route calls and data to the right place. That gives them a more consistent view of customers’ movements than app developers, which use global positioning systems, Wi-Fi and other data sources that users can shut off through their smartphone settings. Wireless carriers also sell anonymized location data to marketers.
Data aggregators LocationSmart Inc. and Zumigo Inc. told The Wall Street Journal they distributed real-time locations to legitimate clients, including bank fraud-detection departments and roadside assistance services. But others used the data feeds for what the carriers said were unauthorized purposes. One prison phone provider created a website that let law-enforcement agencies find the location of any cellphone user without obtaining a court order, the New York Times and Motherboard have reported.
The FCC didn’t offer the carriers any settlements, one of the people said. That might prompt some carriers to fight the charges against them through the commission’s administrative process.
The fines, if paid, could fall heavily on T-Mobile if it closes its planned merger with Sprint in the coming weeks. The two companies recently revised the terms of that agreement, which was worth $26 billion when it was signed two years ago.
Under the revised merger, the parent companies of T-Mobile and Sprint agreed to split the cost of any liabilities up to $200 million. Sprint owner SoftBank Group Corp. would be on the hook for excess liabilities above $200 million.
Copyright ©2019 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8