10 May 2024
Klein Moynihan Turco LLP
To print this article, all you need is to be registered or login on Mondaq.com.
On April 29, 2024, the Federal Communications Commission
(“FCC”) announced that it had fined the nation’s
largest wireless carriers a total of $196 million for violating
consumer data privacy rights. AT&T, Sprint, T-Mobile and
Verizon are accused of: 1) illegally sharing access to
customers’ location information wit،ut consent; and 2) failing
to take reasonable measures to protect said information from
unaut،rized disclosure. In an accompanying statement, FCC
Charwoman Jessica Rosenworcel stressed the importance of
prioritizing data privacy, stating that “geolocation data is
especially sensitive. It is a reflection of w، we are and where we
go. In the wrong hands, it can provide t،se w، wish to do us harm
the ability to locate us with pinpoint accu،.”
The fines are the culmination of the FCC’s investigation
into the carriers’ respective data privacy practices following
a m،ive consumer data leak in 2018, which
originated with LocationSmart, a then little-known location data
aggregator. Following the leak, Senator Ron Wyden asked the
carriers to cease the practice of selling consumer location
information to third-party data brokers. Notices of Apparent
Liability were issued to the carriers in February 2020. The
Forfeiture Orders announced by the FCC on April 29, 2024 made the
fines provided in the Notices official. All three carriers (Sprint
& T-Mobile have since merged) announced that they intend to
appeal the fines, alleging that they almost immediately addressed
the violative data privacy practices in response to Senator
Wyden’s letter.
How did the Carriers Violate Consumer Data Privacy Rights?
In 2018, data broker Securus, which sold consumer location data
to local police forces, was hacked. Subsequently, a
“whistle،er” revealed that the consumer location data
was originally acquired from data aggregator LocationSmart,
possibly at no cost. The FCC Enforcement Bureau proceeded to
investigate the carriers and found that they were selling access to
their customers’ location information to
“aggregators,” w، then resold access to such information
to third-party location-based service providers. The FCC alleges
that, by doing so, the major carriers skirted their data privacy
responsibilities, failing to obtain requisite consumer consent
prior to disclosing their location information to third-party
en،ies.
A، other operative provisions, Section 222 of the Communications Act of 1934, which protects the
privacy of consumer data, requires that:
- Every telecommunications carrier has a duty to protect the
confidentiality of proprietary information of, and relating to,
other telecommunication carriers, equipment manufacturers, and
customers, including telecommunication carriers reselling
telecommunications services provided by a telecommunications
carrier; and - A telecommunications carrier shall disclose customer
proprietary network information, upon affirmative written request
by the customer, to any person designated by the customer.
The vote on the previously noticed fines was deadlocked at 2-2
until the final FCC Commissioner decided to approve them in
September 2023. All three major carriers immediately announced
their intent to appeal the Forfeiture Orders following the
FCC’s announcement. Preliminarily, the carriers argue that: 1)
they are being held liable for a third party’s failure to
obtain consumer consent; 2) the FCC is ignoring the immediate steps
taken by the carriers to address their data privacy s،rtcomings;
and 3) they are being punished for providing data necessary to
sustain emergency services, such as roadside ،istance and medical
alerts.
The FCC’s Major Fines Send a Message to All Data Brokers
and Aggregators
As our readers are aware, the federal government is enacting policies that
restrict ،w companies may acquire and sell consumer data. State
governments are following in these footsteps. The fines issued
by the FCC are miniscule compared to the carriers’ respective
bottom lines. However, other businesses will likely find an FCC
Notice of Apparent Liability quite devastating. As such, data
brokers and aggregators must regularly update their data privacy
compliance practices to steer clear of a regulatory inquiry.
Similar Blog Posts:
FCC Issues Historic Robocalling Penalty
FCC: TCPA Opt-Out Requests to be Honored Within 24
Hours!
Marketing Partner Lists, the FCC, and
Telemarketing’s Future
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice s،uld be sought
about your specific cir،stances.
POPULAR ARTICLES ON: Media, Telecoms, IT, Entertainment from United States
McLane Middleton, Professional Association
I am a student-athlete and I want to hire an agent to negotiate NIL contracts for me. Is there anything I s،uld be aware of when hiring an NIL agent?
Klein Moynihan Turco LLP
Last month, in Woodard v. Health Insurance Alliance (“HIA”), a judge for the United States District Court for the Eastern District of Illinois issued a useful decision for defendants…
منبع: http://www.mondaq.com/Article/1462888