Section 222 of the Communications Act and the Federal Communications Commission’s (FCC) implementing regulations impose on “every telecommunications carrier…a [general] duty to protect the confidentiality of proprietary information of, and relating to, other telecommunication carriers, equipment manufacturers, and customers.”
This duty includes customer proprietary network information “relating to the ‘quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier’ and that is ‘made available to the carrier by the customer solely by virtue of the carrier-customer relationship.’”
In 2020, the FCC proposed over $200 million in fines “against the nation’s four largest wireless carriers for apparently selling access to their customers’ location information without taking reasonable measures to protect against unauthorized access to that information.”
In the last two months, the FCC has renewed its regulatory focus on wireless carriers’ data privacy practices.
In July, FCC Chairwoman Jessica Rosenworcel personally wrote the top fifteen mobile providers requesting information about their data retention and data privacy practices.
The initial inquiries asked about their “policies around geolocation data, such as how long … [such] data is retained and why and what the current safeguards are to protect this sensitive information.” In addition, the Chairwoman sought information about the carriers “processes for sharing subscriber geolocation data with law enforcement and other third parties’ data sharing agreements.” Finally, the inquiries sought information on “how consumers are notified when their geolocation information is shared with third parties.”
At the time, the FCC Chair observed that “mobile internet service providers are uniquely situated to capture a trove of data about their own subscribers, including the subscriber’s actual identity and personal characteristics, geolocation data, app usage and web browsing data and habits.”
She added that “the highly sensitive nature of this data – especially when location data is combined with other types of data – and the ways in which this data is stored and shared with third parties is of utmost importance to consumer safety and privacy.”
Then, on August 25, the FCC released to the public each of those carriers responses to the inquiries. In doing so, the Chairwoman announced that she has asked the agency’s “Enforcement Bureau to launch a new investigation into mobile carriers’ compliance with FCC rules that require carriers to fully disclose to customers how they are using and sharing geolocation data.”
Finally, consumers will be able to directly file “privacy complaints or share concerns about how providers are handling their information on the FCC’s website”. Chairwoman Rosenworcel observed that “if you, as a consumer, have concerns or complaints about how your provider is handling your private data, the FCC is making it easier for you to file complaints and make your concerns known – so we can take action under the law.”
The FCC’s actions come at a time when the U.S. House of Representatives is considering Federal privacy legislation that would reportedly “remove the agency’s authority to enforce its privacy regulations for common carriers”.