Situation: US mobile operators accused of illegal trade in subscribers' geodata
The “four” largest mobile operators in the United States may be obliged to pay compensation to subscribers for the sale of their geolocation data to third parties.
Litigation has already begun. / Unsplash / Craig Whitehead
This is not the first year that American mobile operators have been accused of trading subscriber metadata. Of particular concern to journalists, politicians and ordinary residents is the sale of information about the location of the devices of mobile users. Brokers who buy data from operators resell it to third parties. Those, in turn, can dispose of the information at will. From determining the location of mobile devices at the request of a conditional detective agency to mass profiling and segmenting an audience for marketing systems, advertising networks, credit and financial organizations.
In May 2018, The New York Times publishedSecurus platform article. It is designed to track the location of callers called by prisoners in American prisons. The platform is used by law enforcement officials. It turned out that the service allows you to find out the geolocation of any device in the country without a preliminary request from special services and court decisions.
After the release of this material, US senators demanded that operators verify the activities of all organizations that somehow work with subscribers' geolocation data. The operators said that they no longer trade in such data and stopped working with partners selling information about people without their consent. However, the location of mobile devices is still available for a range of organizations.
/ Flickr /Craighton Miller / CC BY
So in January 2019, Motherboard reporters conducted an experiment - they paid a private detective and asked him to establish the location of a particular smartphone. Using the Microbilt service for financial institutions, the location of the device was determined with an accuracy of hundreds of meters.
The senators again intervened in the matter - they wrote an open letter to the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC), where they asked to investigate existing practices in the sale of geodata and prevent their illegal traffic. The transfer of geolocation data to third parties interested the customers of the operators who filed lawsuits.
In early May, the law firm Z Law applied to the Maryland Federal District Court. She deals with consumer protection issues. The firm filed lawsuits against four of the largest US carriers - AT&T, T-Mobile, Sprint and Verizon.
Five clients of the mentioned companies became applicants - however, they act on behalf of all subscribers of the operators. Claims are collective : plaintiffs demand compensation to all who used the services of telecom providers in the period from 2015 to 2019.
According to the docs, companies require compensation for the resale of users' personal data without their consent. The plaintiffs estimated the total number of victims of operator actions at least 300 million people. In case of victory in court, each of them will receive payments from companies, the amount of which will be determined by the results of the process.
The legal basis for the lawsuits was section 222 of the Federal Communications Act, which prohibits the transfer of subscriber geodata without their consent.
The plaintiffs believe that the sale of geolocation data is illegal, and therefore operators should stop it. Their position is reinforced by the fact that, when purchasing location data, brokers compare them with other databases. For example, one of the platforms of companies using information on the geolocation of smartphones can give out not only the owner’s location by phone number, but also his name and address of residence.
A complete ban on the sale of geolocation data was supported by the representative of the FCC Jessica Rosenworcel (Jessica Rosenworcel). She also noted that this situation was made possible due to the lack of control of the FCC chairman Ajit Pai (Ajit Pai) over the actions of providers. Rosnorsel called on the commission to pay more attention to the protection of citizens' data.
/ Unsplash / Liam Seskis
The operators did not agree with the allegations. For example, AT&T representatives said that any personal data is transferred only with the consent of the device owners, and the contracts with all unscrupulous telecom partners have already been broken.
The provider also pointed out the benefits of services that transmit information about the geolocation of smartphones. Among them are medical devices that can send information to the attending physician about the location of the patient if he becomes ill.
The protection of personal data in the United States is paying more and more attention. For example, in California, the CCPA - California Consumer Privacy Act will come into force in 2020. He will oblige companies to inform their customers about who else their personal data is transferred to.
If we talk about the situation with the operators, then other claims may be brought against them. The Motherboard investigation also revealed that telecoms were selling data intended for emergency response services and allowing to locate the device with an accuracy of several meters.
In February, the Public Knowledge Consumer Rights Organization opposed the sale of data for emergency services, but the FCC did not punish offending operators. There is a possibility that telecoms will be asked to return to this issue.
Litigation has already begun. / Unsplash / Craig Whitehead
Background
This is not the first year that American mobile operators have been accused of trading subscriber metadata. Of particular concern to journalists, politicians and ordinary residents is the sale of information about the location of the devices of mobile users. Brokers who buy data from operators resell it to third parties. Those, in turn, can dispose of the information at will. From determining the location of mobile devices at the request of a conditional detective agency to mass profiling and segmenting an audience for marketing systems, advertising networks, credit and financial organizations.
In May 2018, The New York Times publishedSecurus platform article. It is designed to track the location of callers called by prisoners in American prisons. The platform is used by law enforcement officials. It turned out that the service allows you to find out the geolocation of any device in the country without a preliminary request from special services and court decisions.
After the release of this material, US senators demanded that operators verify the activities of all organizations that somehow work with subscribers' geolocation data. The operators said that they no longer trade in such data and stopped working with partners selling information about people without their consent. However, the location of mobile devices is still available for a range of organizations.
/ Flickr /Craighton Miller / CC BY
So in January 2019, Motherboard reporters conducted an experiment - they paid a private detective and asked him to establish the location of a particular smartphone. Using the Microbilt service for financial institutions, the location of the device was determined with an accuracy of hundreds of meters.
The senators again intervened in the matter - they wrote an open letter to the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC), where they asked to investigate existing practices in the sale of geodata and prevent their illegal traffic. The transfer of geolocation data to third parties interested the customers of the operators who filed lawsuits.
Claims against operators
In early May, the law firm Z Law applied to the Maryland Federal District Court. She deals with consumer protection issues. The firm filed lawsuits against four of the largest US carriers - AT&T, T-Mobile, Sprint and Verizon.
Five clients of the mentioned companies became applicants - however, they act on behalf of all subscribers of the operators. Claims are collective : plaintiffs demand compensation to all who used the services of telecom providers in the period from 2015 to 2019.
According to the docs, companies require compensation for the resale of users' personal data without their consent. The plaintiffs estimated the total number of victims of operator actions at least 300 million people. In case of victory in court, each of them will receive payments from companies, the amount of which will be determined by the results of the process.
The legal basis for the lawsuits was section 222 of the Federal Communications Act, which prohibits the transfer of subscriber geodata without their consent.
Response to the allegations and arguments of the parties
The plaintiffs believe that the sale of geolocation data is illegal, and therefore operators should stop it. Their position is reinforced by the fact that, when purchasing location data, brokers compare them with other databases. For example, one of the platforms of companies using information on the geolocation of smartphones can give out not only the owner’s location by phone number, but also his name and address of residence.
A complete ban on the sale of geolocation data was supported by the representative of the FCC Jessica Rosenworcel (Jessica Rosenworcel). She also noted that this situation was made possible due to the lack of control of the FCC chairman Ajit Pai (Ajit Pai) over the actions of providers. Rosnorsel called on the commission to pay more attention to the protection of citizens' data.
/ Unsplash / Liam Seskis
The operators did not agree with the allegations. For example, AT&T representatives said that any personal data is transferred only with the consent of the device owners, and the contracts with all unscrupulous telecom partners have already been broken.
The provider also pointed out the benefits of services that transmit information about the geolocation of smartphones. Among them are medical devices that can send information to the attending physician about the location of the patient if he becomes ill.
Business prospects
The protection of personal data in the United States is paying more and more attention. For example, in California, the CCPA - California Consumer Privacy Act will come into force in 2020. He will oblige companies to inform their customers about who else their personal data is transferred to.
If we talk about the situation with the operators, then other claims may be brought against them. The Motherboard investigation also revealed that telecoms were selling data intended for emergency response services and allowing to locate the device with an accuracy of several meters.
In February, the Public Knowledge Consumer Rights Organization opposed the sale of data for emergency services, but the FCC did not punish offending operators. There is a possibility that telecoms will be asked to return to this issue.
Read our blog on the VAS Experts website: