FCC commissioner Jessica Rosenworcel sent a letter to AT&T and other carriers this week asking for proof that the carrier has stopped selling its customers’ real-time location data to third-party data aggregators.
Over the past year, AT&T, T-Mobile and Sprint became embroiled in a pair of scandals involving location data and bail bond firms. An investigative report from Motherboard found that between 2012 and 2017, location data from carriers, including T-Mobile, AT&T and Sprint, had been captured by a so-called location aggregator called Locaid (later renamed LocationSmart). LocationSmart then sold that data to a number of different companies, including CerCareOne. In turn, CerCareOne sold the data to bounty hunters and bail bondsmen, enabling them to find the real-time location of mobile phones.
In addition to providing GPS data, CerCareOne had also provided assisted-GPS (A-GPS) data, which can hone in on a person’s exact location within a building, according to the report.
Mobile location data has become a powerful tool in online and mobile advertising to help target ads to customers based on their location. GPS data is also used in apps like Uber and Lyft.
None of the companies specifically denied that they had sold GPS data to third-party location data aggregators like LocationSmart.
The Motherboard report followed an inquiry by a senator on the issue in the summer of 2018. At the time, the three carriers and Verizon all issued statements declaring that they would put a stop to the location data abuse.
In her letter, Rosenworcel asked the carriers to provide an update (PDF) on its efforts to stop this type of location data abuse, and she asked AT&T to confirm the date AT&T ended its arrangements to sell the location data and A-GPS data of its customers. She asked AT&T to respond by May 15.