The Federal Communications Commission (FCC) has imposed fines totalling nearly US$200 million on the United States’ largest mobile carriers, including AT&T, Sprint, T-Mobile, and Verizon, for allegedly sharing customers’ location data without consent.
The FCC discovered that these carriers had provided their customers’ location information to “aggregators,” who then sold it to third-party location-based service providers. This action was taken without directly obtaining the consent of the customers, effectively shifting this critical responsibility onto the third parties handling the data downstream. Despite being alerted to these practices, the carriers reportedly failed to take adequate steps to restrict access to the sensitive data.
T-Mobile is subject to the heaviest fine at US$80 million, followed by AT&T with a fine of about US$57 million, and Verizon is close behind at approximately US$47 million. Sprint, which has since merged with T-Mobile, faces a US$12 million penalty. These amounts reflect adjustments made by the FCC in response to the carriers’ compliance efforts following an initial notice.
Public reporting, including a notable 2019 article by tech journalist Joseph Cox for Motherboard, sparked the FCC’s investigation. The Wall Street Journal reported that delays in finalising these penalties were attributed to a deadlock at the FCC awaiting the confirmation of a fifth commissioner.
In reaction to the FCC’s fines, AT&T and Verizon have expressed strong disagreement and intentions to appeal. AT&T spokesperson Alex Byers criticised the decision as lacking in both “legal and factual merit,” arguing that it unfairly penalises AT&T for the failings of another company under contract to ensure customer consent. Verizon’s spokesperson, Richard Young, highlighted the swift action taken by the company against unauthorised data access by a “bad actor” and described the FCC’s order as fundamentally flawed.
