Over the past eight months, mobile network operators have been caught three times selling location data without proper privacy protection. Each time the FCC has discovered AT&T, Sprint, T-Mobile US and Verizon selling people’s location data, the carriers have responded by “promising each time to take corrective action.” However, those promisings aren’t binding, and carriers haven’t stopped sharing their customers’ location data with third-parties interested in buying it.
“[T]he FCC’s Enforcement Bureau has completed its extensive investigation and… it has concluded that one or more wireless carriers apparently violated federal law,” Pai wrote in a letter today to Democratic members of Congress who asked for an update on the probe.Ars Technica
Last year, Motherboard reported that bounty hunters could access location-history data for specific phones and were regularly selling that information to customers. According to the report, bounty hunters purchased this location data without any hacking or previous knowledge of the phone’s location.
Which Laws Are These Companies Violating?
There are FCC regulations in place to protect people’s sensitive information, including real-time location data. These companies that are openly selling or sharing user-data are failing to uphold those regulations. Companies that violate these regulations are subject to fines and other penalties, but so far the FCC has failed to take action.
Section 222 of the Communications Act says that carriers cannot use or disclose location information “without the express prior authorization of the customer”. It’s unclear if mobile carriers are getting consent from customers in their contracts or user agreements.
Why Isn’t The FCC Taking Action?
Perhaps the FCC assumed that major carriers promising not to sell user location-data anymore would be enough. However, if these companies failed to change their practices the first and second time, why will this time be any different?
The FCC is apparently still working to determine what action to take against the carriers that violated people’s privacy rights.