Major U.S. wireless carriers have faced contrasting legal outcomes in their battles against Federal Communications Commission fines for selling customer location data without consent, creating an uncertain landscape for consumer privacy protection .
Background on data selling practices
In 2018, investigations revealed that major telecommunications providers were selling customers' real-time location data to third-party brokers without proper notification or consent. This practice involved carriers selling access to sensitive geolocation information to aggregators, who then resold the data to other companies, creating a gray market for cell phone location data. The exposed data allowed buyers, including law enforcement and bounty hunters, to track individuals' movements without their knowledge.
FCC enforcement actions
The Federal Communications Commission responded in April 2024 by imposing nearly $200 million in total fines across the industry. AT&T received a $57 million penalty, Verizon faced a $46.9 million fine, T-Mobile was fined over $80 million, and Sprint received more than $12 million . The FCC determined that carriers violated Section 222 of the Communications Act, which requires maintaining customer information confidentiality and obtaining express consent before sharing location data.
Court battle results
All three major carriers challenged their fines in different federal appeals courts, producing divergent outcomes . The Second Circuit Court of Appeals upheld Verizon's $46.9 million fine, rejecting the company's argument that device location data doesn't qualify as protected "customer proprietary network information". The court ruled that location data clearly meets the law's criteria for protection since it's accessible to carriers exclusively due to the customer relationship.
Meanwhile, Verizon had attempted to shift responsibility by largely outsourcing consent verification to third parties through contractual agreements, which the court found inadequate. The carrier's location data was improperly accessed by companies like Securus Technologies, which allowed law enforcement to obtain customer information without proper authorization.
AT&T's legal victory
In contrast to Verizon's defeat, AT&T successfully overturned its fine in a business-friendly appeals court, though specific details of this ruling were not elaborated in available sources. This creates a significant legal inconsistency regarding how telecommunications privacy violations are enforced across different jurisdictions.
The conflicting appellate court decisions may force Supreme Court intervention to resolve the legal uncertainty. This potential review could significantly limit the FCC's authority to penalize companies for privacy violations, potentially weakening federal oversight of telecommunications data practices.
Current settlement landscape
Despite the legal victories and defeats, AT&T simultaneously faces a separate $177 million class-action settlement related to two major data breaches in 2024. The company agreed to pay customers up to $7,500 each for documented losses from breaches that exposed Social Security numbers, addresses, passwords, and other sensitive information.
This settlement demonstrates ongoing vulnerabilities in telecommunications data security beyond the location-selling controversies.The contrasting legal outcomes highlight the fragmented state of privacy protection enforcement, where identical violations can result in different consequences depending on which court reviews the case.
