United States of America: Issued FCC ruling following an investigation into T-Mobile for allegedly failing to protect its customers' location information

On 29 April 2024, the Federal Communications Commission (FCC) issued a ruling against T-Mobile, fining the company USD 80’080’000 for failing to protect customers' location information and for sharing it without consent. This decision enforces the data protection regulation under section 222 of the Communications Act, which mandates carriers to safeguard customer information and obtain explicit consent before disclosing or allowing access to this information. The FCC's investigation, initiated after reports of unauthorised disclosure of location information to a Missouri Sheriff via a location-finding service operated by Securus, determined that T-Mobile, along with other carriers, had sold access to customer location information to aggregators, who then resold it to third-party service providers without valid customer consent. The FCC stated that despite being aware of the ineffectiveness of its safeguards, T-Mobile continued these practices without implementing reasonable measures to prevent unauthorised access.