T-Mobile on the largest user location sharing abuse fine: AT&T, Verizon and Sprint did worse

That could have crossed your information stream as well but the fact that those data aggregators then parse and resell your location down the flagpole was only fleshed out recently with various outlets doing their own investigations on the matter. When notified what is happening with the resold data, carriers said they will stop the practice way back in 2018, to little actual action, which made the FCC look into the issue.

The end result? Last week, the FCC announced that it has sent the so-called Notices of Apparent Liability for Forfeiture and Admonishment (NAL) to the four big US carriers, imposing a total of $209 million in fines, and T-Mobile will bear the brunt of it with $91 million.

Why? Well, in one instance, Motherboard was able to obtain location data for a T-Mobile customer for $300 from... a bounty hunter, and in real time, no less. It's precisely T-Mobile that tuned out the worst offender when it comes to customer location data sharing. While it only had contracts with two large aggregators - LocationSmart and Zumigo - they in turn spread its info far and wide to no less than 83 third-party entities, including a database that the bounty hunter could easily dip into to show your real-time location.

Next in line when it comes to the penalty amount is AT&T with $57.3 million), then Verizon with $48.3 million, and, finally, Sprint with $12.2 million in fines. The penalty doesn't only take into account the amount of third parties that subscriber location data was shared with, but also how long did it take the carriers to react after they were notified of the problem. 

All continued the practice well into last year, even though they knew much earlier that the revenue they extracted from location data aggregators could land them in trouble since the practice had become public. T-Mobile, however, ceased sharing data without adequate safeguards earlier than the rest, and intends to fight the $91 million penalty that the FCC has imposed, according to FierceWireless:

The FCC Commissioner Geoffrey Starks, however, is having none of it, and is already gearing for a fight with T-Mobile by commenting that the $91 million penalty is not nearly enough, if anything, for the amount of damage that unauthorized sharing of  subscriber location data has wreaked.

"It should be higher," he says. "I believe that T-Mobile was on notice about the problems with its location data protections back in July 2017 and that the proposed forfeiture amount should reflect that fact – the punishment should fit the crime."

That puts the timeline of the drama in a whole new light, as if indeed the first investigations started rolling a few years ago, and T-Mobile was warned about the abuse of its system way back in 2017, a reaction in 2019 may have come too little too late.