FCC Probe Finds Mobile Carriers Didn’t Safeguard Customer Location Data

- AT&T, T-Mobile among companies facing hundreds of millions of dollars in fines
- Selling Location Data for Law Enforcement & to Corporations


The Federal Communications Commission is seeking hundreds of millions of dollars in fines from the country’s top cellphone carriers after officials found the companies failed to safeguard information about customers’ real-time locations.

The proposed fines, which could total more than $200 million, are expected to be announced Friday, one of the people said. Last month, FCC chairman Ajit Pai notified members of Congress that an agency investigation had concluded that “one or more” carriers had apparently violated federal law by disclosing real-time location data

The FCC moved after some of the carriers had continued sharing their subscribers’ coordinates even after they told members of Congress they were cutting off the middlemen companies from using their data feeds. Verizon has said it stopped sharing cellular location data in 2018. AT&T and T-Mobile said in early 2019 that they were cutting off some location data sharing.

The top U.S. wireless providers agreed to curb their data sharing after independent reporting found data aggregators were misusing feeds that provided subscribers’ real-time locations. Upon request, the carriers would pinpoint specific subscribers and share the result with middlemen companies, which then shared the information with hundreds of other businesses.

“Consumers have no choice but to share highly private information with a provider about everywhere they go” to obtain cellular service, said Laura Moy, associate director at the Center on Privacy & Technology at Georgetown Law. “Carriers are not allowed to turn around and sell that location information to anyone with a phone number and a few dollars to spend. But this has been a widespread practice, and the FCC has been slow to rein it in.”

Data aggregators LocationSmart Inc. and Zumigo Inc. told The Wall Street Journal they distributed real-time locations to legitimate clients, including bank fraud-detection departments and roadside assistance services. But others used the data feeds for what the carriers said were unauthorized purposes. One prison phone provider created a website that let law-enforcement agencies find the location of any cellphone user without obtaining a court order, the New York Times and Motherboard have reported. wsj.com