Multiple United States cell phone carriers have been collectively fined approximately $200 million by the Federal Communications Commission (FCC) for allegedly sharing customers’ location data without their consent.
According to FOX Business, the FCC issued the fine to AT&T, T-Mobile, Sprint, and Verizon, accusing the providers of sharing access to location information of customers “without consent and without taking reasonable measures to protect that information against unauthorized disclosure.”
“Sprint and T-Mobile – which have merged since the investigation began – face fines of more than $12 million and $80 million, respectively. AT&T is fined more than $57 million, and Verizon is fined almost $47 million,” the FCC announced.
“Our communications providers have access to some of the most sensitive information about us. These carriers failed to protect the information entrusted to them. Here, we are talking about some of the most sensitive data in their possession: customers’ real-time location information, revealing where they go and who they are,” said FCC Chairwoman Jessica Rosenworcel.
“As we resolve these cases – which were first proposed by the last Administration – the Commission remains committed to holding all carriers accountable and making sure they fulfill their obligations to their customers as stewards of this most private data,” she added.
The FCC stated:
In 2018, U.S. Senator Ron Wyden first highlighted the use case which launched the agency’s investigation and the legal concerns stemming from it in a public letter to its leadership. The FCC Enforcement Bureau investigations of the four carriers found that each carrier sold access to its customers’ location information to “aggregators,” who then resold access to such information to third-party location-based service providers. In doing so, each carrier attempted to offload its obligations to obtain customer consent onto downstream recipients of location information, which in many instances meant that no valid customer consent was obtained. This initial failure was compounded when, after becoming aware that their safeguards were ineffective, the carriers continued to sell access to location information without taking reasonable measures to protect it from unauthorized access.
Under the law, including section 222 of the Communications Act, carriers are required to take reasonable measures to protect certain customer information, including location information. Carriers are also required to maintain the confidentiality of such customer information and to obtain affirmative, express customer consent before using, disclosing, or allowing access to such information. These obligations apply equally when carriers share customer information with third parties.
FOX Business reports:
https://en-volve.com/2024/05/01/major-u-s-wireless-carriers-hit-with-200-million-fine/The FCC claimed “aggregators” that received customer location data from the carriers turned around and charged third-party location-based service providers for access at a price.
The carriers kept up their practice of selling access to such data even “after becoming aware that their safeguards were ineffective,” the regulator also alleged.
“This industry-wide third-party aggregator location-based services program was discontinued more than five years ago after we took steps to ensure that critical services like roadside assistance, fraud protection and emergency response would not be disrupted,” T-Mobile told FOX Business. “We take our responsibility to keep customer data secure very seriously and have always supported the FCC’s commitment to protecting consumers, but this decision is wrong, and the fine is excessive. We intend to challenge it.”
AT&T also took issue with the FCC’s move and indicated to FOX Business it plans to challenge the order “after conducting a legal review.”
The Texas-based carrier argued it “unfairly holds us responsible for another company’s violation of our contractual requirements to obtain consent, ignores the immediate steps we took to address that company’s failures, and perversely punishes us for supporting life-saving location services like emergency medical alerts and roadside assistance that the FCC itself previously encouraged.”
“Verizon is deeply committed to protecting customer privacy,” company spokesperson Rich Young told FOX Business. “In this case, when one bad actor gained unauthorized access to information relating to a very small number of customers, we quickly and proactively cut off the fraudster, shut down the program, and worked to ensure this couldn’t happen again. Unfortunately, the FCC’s order gets it wrong on both the facts and the law, and we plan to appeal this decision.”
The old program, which Verizon ended over five years ago, “required affirmative, opt-in customer consent and was intended to support services like roadside assistance and medical alerts,” according to Young.
No comments:
Post a Comment