The Federal Communications Commission (FCC) has taken decisive action against the nation’s four largest mobile carriers, imposing a hefty fine of $200 million for the unauthorized sharing of customers’ location data. 

This move underscores the agency’s commitment to consumer privacy and protecting sensitive information.

The breakdown of fines

T-Mobile: The leading fine of $80 million reflects the gravity of the alleged breach, compounded by an additional $12 million for its subsidiary, Sprint.

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER

AT&T: With a fine exceeding $57 million, AT&T faces significant repercussions.

Verizon: The carrier was fined $46 million, signaling Verizon’s alleged involvement in the data breach.

Verizon Wireless sign. (Verizon)

MORE: WAYS THE GOVERNMENT IS WATCHING YOU AND WHAT YOU CAN DO TO PROTECT YOUR PRIVACY

Investigation findings and allegations

The FCC’s enforcement bureau alleges that each carrier sold access to customer location data to “aggregators,” who then resold it to third-party service providers. They further allege that this chain of actions occurred without proper customer consent, a clear violation of FCC regulations. The allegations initially brought to light under the Trump administration suggest a failure to safeguard user location data.

THE WORST MALWARE, SECURITY AND PRIVACY BREACHES OF 2023

MORE: FIND OUT WHY CELLPHONE COMPANIES NOW MUST BLOCK OBVIOUS SCAM TEXTS

Legal requirements and carrier obligations

Carriers are mandated by law to protect customer information, including location data. The FCC highlighted the carriers’ “initial failure” to do so, even after being aware that their safeguards were ineffective.

The FCC’s stance

FCC Chair Jessica Rosenworcel emphasized the sensitivity of real-time location information and the carriers’ failure to act as responsible stewards of this data. The FCC’s resolve remains firm in holding carriers accountable, and she had this to say in a statement:

“Our communications providers have access to some of the most sensitive information about us. These carriers failed to protect the information entrusted to them. Here, we are talking about some of the most sensitive data in their possession: customers’ real-time location information, revealing where they go and who they are. As we resolve these cases — which were first proposed by the last Administration — the Commission remains committed to holding all carriers accountable and making sure they fulfill their obligations to their customers as stewards of this most private data.”

The mobile carriers’ stance

However, the mobile carriers are not standing down and intend to challenge the FCC’s decision.

An AT&T spokesperson said in a statement:

“The FCC order lacks both legal and factual merit. It unfairly holds us responsible for another company’s violation of our contractual requirements to obtain consent, ignores the immediate steps we took to address that company’s failures, and perversely punishes us for supporting life-saving location services like emergency medical alerts and roadside assistance that the FCC itself previously encouraged.  We expect to appeal the order after conducting a legal review.”

Meanwhile, T-Mobile had this to say:

“This industry-wide third-party aggregator location-based services program was discontinued more than five years ago after we took steps to ensure that critical services like roadside assistance, fraud protection and emergency response would not be disrupted. We take our responsibility to keep customer data secure very seriously and have always supported the FCC’s commitment to protecting consumers, but this decision is wrong, and the fine is excessive. We intend to challenge it.”

Verizon spokesman Rich Young offered this response:

“Verizon is deeply committed to protecting customer privacy. In this case, when one bad actor gained unauthorized access to information relating to a very small number of customers, we quickly and proactively cut off the fraudster, shut down the program, and worked to ensure this couldn’t happen again. Unfortunately, the FCC’s order gets it wrong on both the facts and the law, and we plan to appeal this decision.

“Keep in mind, the FCC’s order concerns an old program that Verizon shut down more than half a decade ago. That program required affirmative, opt-in customer consent and was intended to support services like roadside assistance and medical alerts.”

MORE: AT&T DATA LEAK FROM 73 MILLION CUSTOMERS — WHAT YOU NEED TO DO NEXT

Can I do anything to ensure I’m not sharing my location?

You can check that you’re not accidentally sharing your location by clicking here. While following the tips in our article would likely enhance your privacy settings and reduce the risk of unauthorized location sharing by apps and services on your devices, it may not have prevented carriers like AT&T, Verizon and T-Mobile from sharing location data in the manner described by the FCC’s allegations.

The issue at hand involved the carriers’ practices of selling access to customer location data to aggregators, which is a separate matter from the location settings on your device. The carriers were fined for not obtaining proper customer consent and not safeguarding the data as per FCC regulations, which is a different aspect of privacy protection than what is controlled through device settings.

MORE: TOP AFFORDABLE CELLPHONE PLANS

Steps you can take to protect your privacy

In response to the FCC’s action against mobile carriers for unauthorized sharing of location data, you can take several steps to protect yourself and enhance your privacy:

1. Understand your rights: Know what your rights are regarding data privacy and how carriers are supposed to protect your information.

2. Review privacy policies: Regularly review the privacy policies of your mobile carrier and any apps you use to understand how your data is being used.

3. Manage app permissions: Be vigilant about the permissions you grant to apps, especially regarding location data. Only allow access to apps that need it for core functionality.

4. Opt-out of data sharing: If your carrier provides the option, opt out of any data-sharing initiatives.

5. Contact your carrier: If you have concerns about how your data is being handled, contact your carrier directly to express your concerns and request more information about their data protection measures.

6. Stay proactive: Regularly update your device’s security settings and stay proactive about protecting your personal information.

7. Use privacy tools: Consider using privacy-focused tools and services, such as VPNs, which can help mask your location from third parties. A VPN can protect you against being tracked and identify your potential location on websites you visit.  Depending on their privacy settings, many sites can read your IP address and may display the city from which you are corresponding. A VPN will disguise your IP address to show an alternate location. See my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

Kurt’s key takeaways

The FCC’s actions serve as a reminder of the sanctity of personal data. In an era where information is power, protecting customer data is paramount. The fines imposed are not just monetary penalties but a call to action for all service providers to uphold the trust placed in them by consumers. As the carriers prepare to appeal, the industry watches closely, knowing that the outcome of this case could set a precedent for data privacy and protection standards moving forward.

In light of the FCC’s recent fines for unauthorized sharing of location data, what measures do you believe mobile carriers should implement to ensure the privacy and trust of their customers? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover.

Answers to the most-asked CyberGuy questions:

Copyright 2024 CyberGuy.com. All rights reserved.