The FCC has determined that several U.S. wireless companies were breaking the law as they collected and sold user location data. The data was abused by law enforcement and additional investigation showed the practice extended to the sale of more detailed 911 emergency location data.
Federal Communications Commission (FCC) Chairman Ajit Pai told lawmakers that the agency's investigation into consumer location data found that one or more wireless carriers appear to have violated federal law. Pai did not specify which carriers were implicated or what specific laws were broken, but he revealed the findings in letters to lawmakers addressing their concerns about carriers selling real-time location data.
"I wish to inform you that the FCC's Enforcement Bureau has completed its extensive investigation and that it has concluded that one or more wireless carriers violated federal law," Pai wrote in the letter.
FCC Democratic Commissioner Jessica Rosenworcel said that "it's a shame that it took so long" for the agency to act.
Senator Ron Wyden, whose office has investigated the sale of phone location data, said in a statement: "When I alerted the FCC in 2018 that wireless carriers were selling their customers' location data to a shady prison phone company which was allowing prison guards to track Americans' cell phones, I knew immediately that the practice was a security and privacy nightmare."
Carriers including Sprint (NYSE: S), AT&T(NYSE: T), T-Mobile US Inc. (NASDAQ: TMUS) and Verizon (NYSE: VZ) were ousted last year after reports stated the carriers sold geolocation data to third-party companies. The companies have since told the FCC that they stopped selling subscribers' data.
Verizon and AT&T directed their comments to the CTIA, a trade body for the wireless communications industry.
CTIA said in a statement: "Wireless companies are committed to protecting the privacy of consumers and share location data only with customer consent. Upon hearing allegations of misuse of the data, carriers quickly investigated, suspended access to the data and subsequently terminated those programs."