United States of America: Announced FCC proposed fine against AT&T for allegedly failing to protect its customers' location information

On 28 February 2020, the Federal Communications Commission (FCC) proposed a fine of over USD 57 million against AT&T for allegedly failing to protect customers' location information and for sharing it without consent. This decision enforces the data protection regulation under section 222 of the Communications Act, which mandates carriers to safeguard customer information and obtain explicit consent before disclosing or allowing access to this information. The FCC's investigation, initiated after reports of unauthorised disclosure of location information to a Missouri Sheriff via a location-finding service operated by Securus, determined that AT&T, along with other carriers, had sold access to customer location information to aggregators, who then resold it to third-party service providers without valid customer consent.