The Federal Communications Commission (FCC) has imposed fines totaling $200 million on the four largest mobile carriers in the U.S. for unlawfully sharing customers' location data, the agency disclosed on Monday.
T-Mobile received the heaviest fine of $80 million, in addition to a $12 million penalty for its subsidiary, Sprint, which it acquired in 2020. AT&T was fined more than $57 million, while Verizon received a fine of almost $7 million.
The fines originate from allegations made by the FCC in 2020 under the Trump administration, which accused the carriers of failing to protect users' location data.
The carriers have rejected the allegations and indicated their intention to contest the fines.
The FCC's enforcement bureau found through its investigation that each carrier had sold access to their customers' location information to "aggregators" who then resold it to third-party location-based service providers.
The FCC noted that the carriers "attempted to offload" their obligation to obtain customer consent onto others, leading to a failure to secure such consent.
Carriers are legally obligated to implement reasonable measures to protect certain customer information, including location data, according to the FCC.
The FCC highlighted that the initial negligence was compounded when the carriers continued to sell access to location information without adequate safeguards even after being aware that existing protections were insufficient.
"Our communications providers have access to some of the most sensitive information about us. These carriers failed to protect the information entrusted to them. Here, we are talking about some of the most sensitive data in their possession: customers’ real-time location information, revealing where they go and who they are," said FCC Chair Jessica Rosenworcel in a statement.
"As we resolve these cases – which were first proposed by the last Administration – the Commission remains committed to holding all carriers accountable and making sure they fulfill their obligations to their customers as stewards of this most private data," she added.
All carriers fined stated their intentions to appeal the decision.
“The FCC order lacks both legal and factual merit. It unfairly holds us responsible for another company’s violation of our contractual requirements to obtain consent, ignores the immediate steps we took to address that company’s failures, and perversely punishes us for supporting life-saving location services like emergency medical alerts and roadside assistance that the FCC itself previously encouraged. We expect to appeal the order after conducting a legal review,” an AT&T spokesperson said in a statement.
A T-Mobile spokesperson also challenged the allegations and described the fine as "excessive."
“This industry-wide third-party aggregator location-based services program was discontinued more than five years ago after we took steps to ensure that critical services like roadside assistance, fraud protection and emergency response would not be disrupted. We take our responsibility to keep customer data secure very seriously and have always supported the FCC’s commitment to protecting consumers, but this decision is wrong, and the fine is excessive. We intend to challenge it,” the spokesperson said.
A spokesperson for Verizon said the company intends to challenge the agency’s order.
“When one bad actor gained unauthorized access to information relating to a very small number of customers, we quickly and proactively cut off the fraudster, shut down the program, and worked to ensure this couldn’t happen again. Unfortunately, the FCC’s order gets it wrong on both the facts and the law, and we plan to appeal this decision,” Verizon said.