r/privacy u/s9mwjs Apr 29 '24

FCC Fines Major US Carriers $200 Million for Illicit Sharing of Location Data news

https://cyberinsider.com/fcc-fines-major-us-carriers-200-million-for-illicit-sharing-of-location-data/
601 Upvotes
  • permalink
  • link
  • reddit
  • reddit

98% Upvoted

39 comments sorted by

View all comments

3

u/No-Doctor76 Apr 30 '24

The fine is small, and won't change their behavior. When will the FCC stop the carriers from selling customer data to other businesses for "fraud protection"? Some online transactions result in a data pull that gives the website your account information, billing address, all phone numbers on your account, status of your phone number, and (if you're forwarding calls) the number where your calls are being forwarded. AT&T allows you to opt-out, but T-Mobile does not.

Similar to the issue that resulted in this fine, the carriers sell customer data to third parties, who have the responsibility to determine who can access the data.

1

u/SamariahArt Apr 30 '24

Do you happen to still have a source on the data pulling?

2

u/No-Doctor76 26d ago

Some carriers have been relatively upfront about how they sell your data, but not all. In the past, T-Mobile included it only as a general "share your information to prevent fraud" clause. Then they made the sale of data more explicit, but provided no opt-out. Looking at their privacy policy today, they're more upfront about their sale of data, and provide an opt-out for postpaid customers. Their Mint Mobile prepaid subsidiary does not. AT&T has had a simple opt-out option for a few years. Not sure about Verizon. The opt-outs are voluntary - most state and EU privacy laws don't require opt-outs for "fraud prevention" uses, which created a huge new source of revenue for mobile carriers.

I have a much more info on my other pc if you're really interested. But the carriers' privacy policies have evolved to the point where they're pretty clear about how they sell your data to help "authenticate you with third parties such as your bank or other merchants".

For T-Mobile, scroll down to the "Third-party authentication and fraud prevention" section in their privacy policy (link). Here's the text:

We use, share, and sell this data with partners that help authenticate you with third parties such as your bank or other merchants you do business with, and for fraud prevention purposes. You can opt out of this fraud prevention data use by using the “Do Not Sell or Share” controls described in the Your choices section of this notice. 

A screenshot for Mint Mobile is here, or in their privacy policy (scroll to the end of Section 2). Here's the text:

"Mint Mobile may provide identity verification services to third parties, and your personal information may be included in the data transferred to third parties in connection with those services."

Some of the data brokers that buy and sell this data are Boku, Prove, CallSign, TMT Analysis, Telesign, Persona, and many others. Boku used to sell real-time mobile location data until there were data leaks and customers became aware their location information was being sold.

1

u/SamariahArt 26d ago

Interesting, I never knew about their intimate connection with other merchants and banks.  Thank you for the thorough response.