The Federal Communications Commission has fined four US mobile operators for failing to protect consumer real-time location data. The FCC has proposed fine of over USD 91 million for T-Mobile US, over USD 57 million for AT&T, over USD 48 million for Verizon and more than USD 12 million for Sprint. The operators were also admonished for disclosing customer location information without authorisation to a third party.
The operators apparently disclosed the information for years, between 2014 and 2017. The matter came to light following public reports that a Missouri sheriff used a “location-finding service” operated by Securus, a provider of communication services to correctional facilities, to access the location information of mobile operator customers without their consent. Securus said it discontinued the tool in May 2018.
The FCC explained that the size of the proposed fines differs based on the length of time each continued to sell access to its customer location information without reasonable safeguards and the number of entities that received access to the information. The proposed actions, formally called Notices of Apparent Liability for Forfeiture and Admonishment, or NALs, are not final; the companies can still challenge their liability or the amount of the fine.
T-Mobile said in a statement that it ended its location-sharing programme in February 2019 and would fight the proposed fine, the Wall Street Journal reported. “While we strongly support the FCC’s commitment to consumer protection, we fully intend to dispute the conclusions of this NAL and the associated fine,” a company spokesperson said. Spokespeople for AT&T, Verizon and Sprint said they were still reviewing the notices.
Meanwhile, other parties said the fine was too late and too little: “The FCC’s investigation is a day late and a dollar short,” FCC commissioner Jessica Rosenworcel said, adding that a 30-day grace period for potential future violations amounted to a “get-out-of-jail-free” card.
