We reported about two weeks ago
that all four major carries in the United States are defendants in class action suits, which claim that they sold user location data to third-party companies. Well, it looks like the issue isn't whether or not they did it, but how and why.
AT&T has just confirmed in a letter made public on Friday that it did nothing illegal when it decided to sell the user location data of its customers, The Verge
reports. Apparently, the carrier has found a loophole in the law, which allowed it sell specific user data to third-party firms.
According to the letter published recently
, the type of data AT&T has sold is not included on the list of data that the Federal Communications Commission prohibits carriers from selling without user consent.
The FCC’s prohibitions on the use of the National Emergency Address Database (“NEAD”) for non-emergency services do not apply to A-GPS because A-GPS is not associated with or stored within NEAD. While A-GPS is certainly used by 911 dispatchers to assist in locating individuals in emergency situations, it is also an important feature commonly used by app developers to provide location services. For example, ride-sharing apps use A-GPS to make sure the car shows up in the right location. For these reasons, reports of purported improper use of A-GPS are incorrect.
AT&T says in the letter that before its sells customer location data to an aggregator or location-based services provider, it investigates them. Unfortunately, it was discovered that some companies that bought the data from US carriers was accessible by bounty hunters.
The good news is even if AT&T thinks it didn't do anything illegal, the carrier announced it has stopped selling user location data, at least for the moment.