FCC Fines AT&T, Sprint, T-Mobile, and Verizon for Unauthorized Sharing of User Location Data
Yesterday, the Federal Communications Commission (FCC) imposed significant fines on the country’s top wireless carriers for illegally sharing access to customers’ location information without consent in violation of the Customer Proprietary Network Information (CPNI) rules. The fines, totaling almost $200 million, were the result of an investigation initiated in 2020 into the companies’ dealings with data aggregators who collected and sold the data to third parties without proper authorization.
Background
- In a split decision, the FCC fined AT&T $57 million, Verizon $47 million, Sprint $12 million, and T-Mobile $80 million.
- The carriers failed to meet their obligations under Section 222 of the Communications Act, which requires them to protect customer information and obtain affirmative, express customer consent before sharing such information with third parties.
- The FCC found that the carriers failed to take reasonable measures to protect customer information and did not obtain proper consent before sharing location data with third parties.
- The carriers had attempted to offload their obligations to obtain customer consent onto downstream recipients of location information, resulting in many instances where no valid customer consent was obtained.
Looking Ahead
This enforcement action highlights the importance of robust CPNI compliance. Wireless carriers should review their data sharing practices and ensure compliance with requirements to obtain proper consent before sharing customer information, particularly with sensitive matters such as real-time location data.
The CommLaw Group Can Help!
By proactively addressing CPNI compliance issues, wireless carriers can mitigate the risk of regulatory penalties and safeguard customer trust in the protection of their sensitive information. If you need assistance or have further questions, contact the attorney assigned to your account or directly contact members of The CommLaw Group’s Information, Privacy, Data Security, and Consumer Protection practice group:
Linda McReynolds, CIPP/US, at lgm@commlawgroup.com or 703-714-1318
Diana James, at daj@commlawgroup.com or 703-663-6757