The FCC's Enforcement Bureau has determined that one, "or more," of the carriers it was investigating for disclosing real-time location data broke the law, and it will be proposing a fine or fines. 

The FCC's has been investigating carriers' alleged selling/sharing of geographic location information with third party data aggregators, information that reportedly made its way to bounty hunters and others, data their subs can't opt out of because it is used to provide the underlying service.

The chairman had said he would wrap up the investigation by January.

It has been over a year and a half since reports surfaced that wireless carriers were selling the geolocation data of their subs to third parties. 

Related: Carriers Tell Rosenworcel They Have Cut Ties with Location Data Aggregators 

That came in a letter from FCC Chairman Ajit Pai Friday (Jan. 31) to Rep. Frank Pallone (D-N.J.), chairman of the House Energy & Commerce Committee. Pai had promised to keep Pallone in the loop on the status of those investigations after he expressed concerns about the investigation. 

A spokesperson for the chairman's office had no comment on which carrier or carriers were being cited and how much the fine would be, but the subjects of the investigation included the Big Four--now three--AT&T, Verizon, T-Mobile, and Sprint. 

Pai said in the letter to Rep. Pallone that he was "committed to ensuring that all entities subject to our jurisdiction comply with the Communications Act and the FCC’s rules, including those that protect consumers’ sensitive information, such as real-time location data." 

Related: Walden on Edge Over Geolocation Data Sharing 

He signaled he would be circulating one or more Notices of Apparent Liability (NAL) for Forfeiture (essentially a fine) related to that finding. He did not say whether a vote on the enforcement action would be on the February meeting agenda, but it would appear likely. 

“Following our longstanding calls to take action, the FCC finally informed the Committee today that one or more wireless carriers apparently violated federal privacy protections by turning a blind eye to the widespread disclosure of consumers’ real-time location data," said Pallone. "This is certainly a step in the right direction, but I’ll be watching to make sure the FCC doesn’t just let these lawbreakers off the hook with a slap on the wrist.”

Rosenworcel, who pressed the FCC to investigate and pushed the carriers on whether they had ended the practice of sharing info with aggregators, suggested it was about time.  

"For more than a year, the FCC was silent after news reports alerted us that for just a few hundred dollars, shady middlemen could sell your location within a few hundred meters based on your wireless phone data. It’s chilling to consider what a black market could do with this data. It puts the safety and privacy of every American with a wireless phone at risk," Rosenworcel said in a statement. 

"Today this agency finally announced that this was a violation of the law. Millions and millions of Americans use a wireless device every day and didn’t sign up for or consent to this surveillance. It’s a shame that it took so long for the FCC to reach a conclusion that was so obvious.” 

"I am glad to see that the investigation is concluding and that, apparently, it will result in enforcement. Obviously, we will need to see the details before being able to judge whether the proposed penalty matches the severity of the violating conduct," said Harold Feld, SVP of Public Knowledge. "But it is equally important to determine how this happened and whether new rules are necessary to ensure that consumer privacy is protected. Strong CPNI rules used to be a bipartisan priority. I would hope that would remain true today."

“I am not certain regarding the statutory or regulatory provisions that the carriers are being cited for violating, or the extent to which clear evidence of intent to violate is required," said Randolph May, president of the Free State Foundation and a former top FCC official. "Or, to the extent the law was not clear, whether such provisions should or should not be applied retroactively as opposed to prospectively. And it may be that the carriers are being cited for acting in a way that was inconsistent with their representations. In any event, if there are indeed proven violations of the law, I have no problem, of course, with enforcement, including the levying of appropriate fines. And, given consumer concerns about the sensitivity of location data, and its possible abuse, the Commission’s actions should provide guidance going forward as to the carriers’ permissible conduct.”

"I think that the length of time it took the FCC to act on this shows that there is a transparency and process issue at the commission," said Yosef Getachew, media and democracy director at Common Cause. "We need to see the details of this enforcement action in terms of which carriers and what the fine is and how the FCC is interpreting its authority under the law. It is just as important that we hear from the FCC on what next steps they will take to prevent something like this from happening again."

Related