The FCC is prepared to fine carriers over $200 million over the apparent mishandling of customers' precise location data. That's according to reports citing persons close to the matter, who indicate that the initial fines could be much higher. The final amount that's expected stems from carriers' ability to respond and contest the fines.
There's presently no apparent timeline regarding when the fines might be leveled against the service providers. Carriers involved in the case include all of the top providers in the US. That's Verizon, Sprint, AT&T, T-Mobile.
What's the location data issue at contention between the FCC and carriers
The FCC's fines stem from a probe that initially started back in 2018. At the time, the focus was placed on carriers' websites containing flaws that led to location data being leaked.
From that, the focus shifted to how carriers allow third-party companies to access location data. That data's accurate, according to FCC Commissioner Jessica Rosenworcel, to within a few hundred meters. More pertinently, mobile network providers allowed aggregators to buy user data. The data was then sold in the form of location-based services.
The biggest contention here is that data could easily have been bought and used for malicious purposes. Specifically, the concern is that the data could be misappropriated via less legitimate companies. The carriers purportedly “investigated, suspended access to the data and subsequently terminated those programs," once the allegation of that misuse came to light, back in January.
That's not the sole contention here either. The data being sold was effectively real-time location data for consumers. Carriers also directly sold user location-data for less nefarious users from roadside assistance and logistics medical emergency alert services, human trafficking alerts, and fraud prevention.
Access to real-time data presents a more acute risk since it goes well beyond the problems present from other location data. Bad actors and others don't need to analyze movements for patterns or other cues when examining real-time data. So the nature of the data itself also raises issues more generally as a problem with consumer privacy.
New T-Mobile will undoubtedly face the highest fines here
Since this case is likely to be drawn out as carriers challenge the fines, a carrier not mentioned in the reports may ultimately face the biggest fine. Namely, that's "New T-Mobile" — which will result from the now-approved $26-billion merger between Sprint and T-Mobile.
The companies presently expect to be joined by early April but they will be fined in this case separately. Depending on the timeline of that merger and the finalization of fine amounts, that means the new T-Mobile will be paying fines from the FCC for both carriers over the allocation of user data. Conversely, the remaining carriers will be paying a single fine.
Regardless, at least some lawmakers are not impressed with the fines that are likely to be imposed. Senator Ron Wyden, for example, claims that the FCC failed at every step to protect consumers. Moreover, Senator Wyden implies the fines are "comically inadequate" and will have no real impact on the practice in question.