AT&T’s John Stankey, T-Mobile’s Mike Sievert, Verizon’s Hans Vestberg and the leaders of other mobile operators all received similar letters this week from FCC Chairwoman Jessica Rosenworcel asking them to respond with details about their companies’ mobile data sharing policies and procedures. They have until August 3 to respond.
Other industry leaders getting similar letters are UScellular’s Laurent (LT) Thierivel, Dish’s Erik Carlson, C-Spire’s Hu Meena, Comcast’s Brian Roberts and Charter Communications’ Danny Bowman. The leaders of Best Buy Health, Consumer Cellular, Google, H2O Wireless, Lycamobile, Mint Mobile and Red Pocket received similar letters as well, for a total of 15.
The letters ask carriers about their processes for sharing subscriber geolocation data with law enforcement and other third parties’ data sharing agreements.
The FCC also wants to know how consumers are notified when their geolocation information is shared with third parties.
“Mobile internet service providers are uniquely situated to capture a trove of data about their own subscribers, including the subscriber’s actual identity and personal characteristics, geolocation data, app usage, and web browsing data and habits,” the letter states.
“The highly sensitive nature of this data – especially when location data is combined with other types of data – and the ways in which this data is stored and shared with third parties is of utmost importance to consumer safety and privacy,” Rosenworcel wrote.
The FCC noted that this inquiry is consistent with previous agency actions to protect consumers’ location-based data.
In 2020, the four largest U.S. carriers at that time faced combined FCC fines totaling more than $200 million for selling access to customers’ real-time location data without their consent to unauthorized third parties, even after operators were made aware of the issue.
An FCC investigation found that even after several highly public press reports revealed customer data was getting into unauthorized hands, AT&T, T-Mobile, Sprint and Verizon all continued to sell access to the sensitive information to so-called “aggregators” without putting adequate safeguards in place, in some cases for more than a year, with T-Mobile getting the largest fine.