The Federal Communications Commission (FCC) announced $200 million in fines against wireless carriers AT&T, Sprint, T-Mobile, and Verizon this week after the companies were found to have illegally shared users’ location data with third parties.
“[W]e are talking about some of the most sensitive data in their possession: customers’ real-time location information, revealing where they go and who they are,” the FCC’s Chairwoman said in a press release.
The agency cited section 222 of the Communications Act, which requires carriers to take “reasonable measures” to protect the location information of customers. Instead, the FCC stated, the companies shirked their responsibility by selling off the sensitive data to aggregators, who in turn resold the information to “third-party location-based service providers.” Section 222 also notes that telecommunications carries still have an obligation to protect consumers’ privacy even after their data has been sold.
According to the FCC press release, an investigation was opened following a report that a Missouri sheriff was getting location data without customer consent or legal authorization. A 2018 report in the New York Times recounted how Corey Hutcheson, a now former Missouri sheriff, used the private service to track cellphones without court orders.
“Between 2014 and 2017, the sheriff, Cory Hutcheson, used the service at least 11 times, prosecutors said. His alleged targets included a judge and members of the State Highway Patrol,” reported the Times.
Despite being made aware of the data violations, the FCC said, none of the companies took measures to patch up their data security practices.
While the fines stem from investigations stretching back years, the FCC announced that it will be increasing “privacy, data protection, and cybersecurity-related investigations to protect consumers” in recent months.
Those steps include a new Privacy and Data Protection task force with some states, as well as increased overseas partnerships to step up enforcement on privacy and robocalls.
In February, the FCC cracked down on AI generated robocalls pretending to be President Joe Biden during the New Hampshire primary, ruling that people can’t send artificial or prerecorded voice calls, including AI-generated voices, without the recipient’s express consent.
The internet is chaotic—but we’ll break it down for you in one daily email. Sign up for the Daily Dot’s web_crawlr newsletter here to get the best (and worst) of the internet straight into your inbox.