All Four Major Wireless Carriers Hit With Lawsuits Over Sharing, Selling Location Data
from the somebody's-watching-you dept
We've noted repeatedly that if you're upset about Facebook's privacy scandals, you should be equally concerned about the wireless industry's ongoing location data scandals. Not only were the major carriers caught selling your location data to any nitwit with a checkbook, they were even found to be selling your E-911 location data, which provides even more granular detail about your data than GPS provides. This data was then found to have been widely abused from everybody from law enforcement to randos pretending to be law enforcement.
Throughout all this, the Ajit Pai FCC has done absolutely nothing to seriously police the problem. Meaning that while carriers have promised to stop collecting and selling this data, nobody has bothered to force carriers to actually confirm this. Given telecom's history when it comes to consumer privacy, somebody might just want to double check their math (and ask what happened to all that data already collected and sold over the last decade).
Compounding carrier problems, all four major wireless carriers last week were hit with a class action lawsuit (correctly) noting the carriers had violated Section 222 of the Federal Communications Act by selling consumer proprietary network information (CPNI) data:
"Through its negligent and deliberate acts, including inexplicable failures to follow its own Privacy Policy, T-Mobile permitted access to Plaintiffs and Class Members’ CPI and CPNI,” the complaint against T-Mobile reads, referring to “confidential proprietary information” and “customer proprietary network information,” the latter of which includes location data."
It's likely that the sale of 911 data is where carriers are in the most hot water, since that's their most obvious infraction of the law. It's of course worth pointing out that wireless carriers (and fixed-line ISPs, frankly) have been hoovering up and selling location, clickstream, and a vast ocean of other user data for decades with very few (any?) Congressional lawmakers much caring about it. It's another example of how Facebook's cavalier treatment of user data (and government apathy toward meaningful solutions) isn't just some errant exception -- it's the norm.
Back in 2016, the previous FCC uncharacteristically tried to impose some pretty basic rules that would have gone a long way in preventing these location data scandals by requiring that carriers be more transparent about what data is collected and who it's sold to. It also required consumers opt in to more sensitive (read: financial, location) data. But telecom lobbyists quickly convinced Congress to obliterate those rules in 2017 using the Congressional Review Act before they could even take effect.
Two years later finds the sector swimming in scandal, and everybody has a dumb look on their faces utterly perplexed as to how we got to this point.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: class action, fcc, lawsuit, privacy, section 222, telcos
Companies: at&t, sprint, t-mobile, verizon
Reader Comments
Subscribe: RSS
View by: Time | Thread
surprisedpikachu.jpg
[ link to this | view in chronology ]
Privacy is deader than copyright protection.
Brave new world we live in.
[ link to this | view in chronology ]
Pointless...
...carriers sold data over the years for say two billion.
Class action suit finds them guilty, fines them ten million.
Lawyers for the suit take just under seven million for themselves.
The remaining three million is distributed to the hundred and fifty million people who were customers when the events occurred.
Had one like this with a bank. Got a check for something like sixty-five cents with an eight page cover letter explaining that it was a settlement from a class action against the bank and was "my share" of a multi-million dollar settlement.
[ link to this | view in chronology ]
Re: Pointless...
Until such time as those at the helm physically pay through extended loss of freedom and expropriation of all assets it is just a small line cost on the balance sheet for the corporation.
[ link to this | view in chronology ]
Re: Re: Pointless...
Not going to happen.
Now, if actual Awards were the actual damages, then, say... doubled for punitive reasons, they'd stop pulling these stunts.
Seriously, if you collect a million dollars "illegally" and the punishment is a $100,000 fine, it's not a fine, it's a cost of doing an incredibly profitable business.
[ link to this | view in chronology ]
Re: Pointless...
The primary purpose of class-action lawsuits is deterrent.
[ link to this | view in chronology ]
Re: Re: Pointless...
"The primary purpose of class-action lawsuits is LAWYER PROFIT."
There fixed it for you.
[ link to this | view in chronology ]
Re: Re: Re: Pointless...
"The primary purpose of class-action lawsuits is CORPORATE PROFIT."
There, I fixed that for you, bro.
As pointed out by others, corporations weigh the risk of penalty and lawsuit against the potential profit. Basic math, basic greed. If A is larger than B or C, you do it and let the lawyers deal with the fallout.
A lot of tort law is "loser pays" as well. Corporations love class-actions because of this. paying 4 lawyers out of the settlement pool is far cheaper than paying dozens or hundreds of lawyers PLUS settlement awards on top of it.
Corporate. Profit. Never believe for a second it is anything else.
[ link to this | view in chronology ]
Re: Re: Re: Re: Pointless...
"Loser pays" isn't the important part for them. The main benefit is that the settlement is binding on parties who don't know about it. They'll give a law firm some tens of millions of dollars, then offer a tiny payout to any customer who was affected and feels like giving all their personal data to some shady settlement website.
So, the bulk of the money goes to lawyers, and then the only people who can still sue are those who sent formal notice to opt out of the action.
[ link to this | view in chronology ]
How's about we get Mr Pai's location data and share it in real time on the web - bet it'll become an issue quickly then!
[ link to this | view in chronology ]
So, lets see.....
All our data is sold or stolen..
Corps dont care( I know one that does).
Our location data is being monitored, and collected WITH SMART PHONES.
credit bureau hacked, medical records hacked(gov site for medial sign up), banks giving the info away, cell phone carriers selling our data, many game sites have been hacked, the Gov. wants to monitor ALL of us, as well as the whole internet....
I love it..I really do..
Go burn a few Credit cards and deny payments.. UUntil they can track THAT, you have free will(just leave the phone at home). They cant prove much unless they get pictures. It would only take a few friends.. The automated credit card machines dont care WHO signs the thing.
AND you wondered why they were pushing Facial scanning?/ better do it quick, before they get it working..
[ link to this | view in chronology ]
How much of that location data is related to minors???
Seems to me that the Big 4 just became criminally accountable for human trafficking of Minors across the US by compiling and selling that location data.
The only way they can prevent being held accountable is to wipe said data, and never, ever, ever, ever (to infinity and beyond) collect it again.
[ link to this | view in chronology ]