FCC Crackdown on Data Abuses by US Sends Dangerous Message

The News: News of the week was the FCC crackdown on data abuses — specifically location data abuses — by US wireless carriers. This week, the US Federal Communications Commission (FCC) unveiled its proposal for fines to be leveled against the US’ largest wireless carriers — Verizon, AT&T, Sprint, and T-Mobile — for allegedly having shared their customers’ real-time location data with third parties without their knowledge or consent. In support of this proposal, the FCC argues that this practice violates federal law. Read the full FCC proposal here.

FCC Crackdown on Data Abuses by US Wireless Carriers Sends Dangerous Message on Privacy

Analyst Take: You may recall the 2018 scandal, in which cell phone location data was discovered to be readily available to bounty hunters for a few hundred dollars. This latest move by the FCC and its claim that this practice violates federal law, appears to be the outcome of that investigation, which uncovered that wireless carriers were quietly sharing their customers’ real-time location data with third party aggregators.

Per the proposal, the FCC’s fines to carriers will total $200M, and is broken down as follows:

T-Mobile: Roughly $91 million
AT&T: Roughly $57 million
Verizon: Roughly $48 million
Sprint: Roughly $12 million

FCC Chairman Ajit Pai’s statement on the matter is that the FCC “took decisive actions to protect American consumers, and we are confident in the balance we struck in this case.”

Let’s Discuss Those “Decisive Actions to Protect American Consumers” Shall We?

This FCC crackdown on data abuse seems like big news, right? While the notion that the FCC taking “actions to protect American consumers” would not normally, raise eyebrows, the severity of the fines — or rather the lack thereof — does. FCC Commissioner Jessica Rosenworcel was immediately critical of the light-handed fines, which US Senator Ron Wyden (D-Ore.) called “comically inadequate.”

To their point, AT&T generated $181.74 billion dollars in 2019, Verizon $130.86 billion, T-Mobile over $40 billion, and Sprint $33.6 billion. Since the fines proposed by the FCC barely qualify as a rounding error for any of these companies, and consequently don’t seem effective either as a punitive measure or as a deterrent, the FCC’s “decisive actions” seem, as Commissioner Rosenworcel stated, “a dollar short” and, in my opinion, not particularly decisive at that. Wireless carriers, however, should take the FCC’s reluctance to push back against their behavior as very good news.

From a consumer protection standpoint, however, I fail to see how proposing anemic fines on companies that — based on the investigation’s findings — appear to have so grossly abused the trust of their customers for years, will ultimately protect those very same consumers in the future. This is particularly true if the message being telegraphed by the FCC is that there is little will within the agency to truly crack down on such abuses, and/or hold wireless carriers accountable when they break federal law.

Where the FCC Failed

What may be equally concerning to consumers is the way that the FCC apparently conducted its investigation. For starters, the FCC does not appear to have attempted to gauge the scale of the problem, let alone quantify what harm, if any, resulted from the carriers’ actions. As a benchmarking measure, the FCC should have sought to gauge how many times individual consumers’ privacy was violated, and how much revenue the carriers netted from these abuses. Instead, the FCC merely merely relied on asking the carriers to provide them with a list of contracts with third parties associated with the practice under scrutiny.

In addition, the FCC doesn’t appear interested in going after third party companies that carriers signed location-selling agreements with. While the agency may not have the authority to do so itself as these third parties do not necessarily fall under its purview, it could have easily worked with the DOJ and state prosecutors to hold them accountable in parallel with its own actions against the wireless carriers.

Further, as Commissioner Rosenworcel notes in her comments, the FCC incomprehensibly “heavily discounted” the fines that the carriers potentially owed under the law in addition to disregarding the scope of the problem. She states: “The agency proposes a $40,000 fine for the violation of our rules — but only the first day. For every day after that, it reduces to $2,500 per violation. […] On top of that, the agency gives each carrier a thirty day pass from this calculation. This thirty day ‘get out of jail free’ card is plucked from thin air.”

And last but certainly not least, following previous controversial behavior from the FCC under Pai, the FCC again did not seek to hear from the public. In addition, as far as I can tell the FCC did not issue subpoenas to third parties involved in the scheme, and initially failed to push back against the carriers’ request to keep their responses confidential, until commissioners intervened.

This daisy chain of decisions to attenuate penalties and liabilities against offending carriers doesn’t quite make sense in the scope of a federal agency engaging in what should be a “decisive” enforcement action to both punish wrongdoing and protect consumers.

What’s Next [and it’s not much]

So what’s next? The four carriers have 30 days to comment on the proposed fines, challenge the findings, or ask for an extension. The FCC, for its part, has no set timeline for finalizing the amount of the fines, and could theoretically choose never to collect the fines at all. It is also possible that wireless carriers may not stop selling real-time location data to third-party aggregators as a result of this tangle with the FCC—it’s not as if there’s really any incentive to do so.

Conclusions: The FCC’s Behavior Says a Lot About Its Lack of Regard for Consumer Privacy

Regardless of the FCC’s decisions from here on out, my read on what this decision seems to indicate is threefold:

The FCC currently does not appear to have the will to truly crack down on carriers that violate federal law, at least when it pertains to consumer privacy.
The FCC’s behavior throughout this case has, in my view, communicated to US wireless carriers that, superficial fines aside, they can continue to abuse their customers’ privacy, and profit from said abuses, with some degree of impunity. However you may feel about that stance, this is excellent news for wireless carriers. It is obviously, however, not great news for consumers.
The FCC’s message of near-non-enforcement is likely being heard loudly and clearly by ALL companies that fall under its purview, not just wireless carriers, including but not limited to ISPs, technology companies whose devices and services collect location data on consumers, and obviously social networks.

This is one I’ll be watching with interest.

Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.