Proposed Fines Against Carriers for Data Violations Appear Stalled at Split FCC
Fines proposed by FCC Chairwoman Jessica Rosenworcel against the major wireless carriers for allegedly failing to safeguard data on their customers' real-time locations have apparently stalled, according to a document we viewed. Commissioners haven't voted to approve the fines, though fellow Democrat Geoffrey Starks voted yes, the document shows. It confirms that Rosenworcel circulated an order in September (see 2209090028). Public interest groups want action.
In early 2020, then Chairman Ajit Pai proposed notices of apparent liability of more than $91 million against T-Mobile, $57 million against AT&T, $48 million against Verizon and $12 million against Sprint, which hadn't yet merged with T-Mobile (see 2002280065).
The carriers have been meeting with commissioners’ offices “on and off for a while,” but no ex parte filings are required for these types of proceedings, said a lawyer who has worked on the issue: “They are arguing the merits and are also probing to see about narrowing the scope, lowering the forfeitures. … There’s a legal theory that Section 222 [of the Communications Act] does not envision giving the FCC power over the privacy aspect of those services; that’s the FTC’s area of expertise.”
“We do hope that the commission will step up because there is a real need for them to be active privacy regulators now as consumers continue to be subject to wide-scale commercial surveillance and the FCC’s privacy authority is one of the few areas with significant enforcement potential,” Alan Butler, president of the Electronic Privacy Information Center, told us. “Our perspective on it is let’s get moving,” he said. “This is one initial piece of important enforcement work that needs to get done … and we think that the FCC has an important role to play, and they really haven’t been doing it.”
“There is absolutely no reason for any further delay,” said Public Knowledge Senior Vice President Harold Feld. “The Republicans voted unanimously at the time. That did not include Commissioner [Nathan] Simington, but it did include Commissioner [Brendan] Carr, so there should be a majority to collect the fines. The information misused by the carriers involved the most sensitive and precise geolocation information, and the carriers sold it to virtually anyone who asked for it.”
Delays in acting likely aren’t attributable to the commission’s 2-2 split “since the existing commissioners all generally seemed to support the fines at the time,” said Joe Kane, Information Technology and Innovation Foundation director-broadband and spectrum policy. “Then-Commissioner Rosenworcel was critical of the delay in getting to the NALs from the investigation, which adds more intrigue to the additional delay since the new administration took over,” he said: “This highlights that the FCC's consumer-protection role is alive and well, and does not need jurisdictional expansion.”
When the FCC approved the NALs, Rosenworcel and Starks called the response inadequate. The "investigation is a day late and a dollar short,” Rosenworcel said then: “The FCC kept consumers in the dark for nearly two years after we learned that wireless carriers were selling our location information to shady middlemen.” Simington hadn't joined the FCC. His predecessor, Mike O’Rielly, voted for the NALs but expressed “deep concerns about the investigations, the fulsomeness of what’s been explored.”
“It is unclear why this has been sitting so long,” Feld said. “My cynical view is that carriers have pushed commissioners to delay the vote in the hopes that Congress would pass the American Data Privacy Protection Act, which would have eliminated previous enforcement orders and therefore allowed the carriers to avoid the fines,” he said: “While [it's] not impossible for ADDPA to pass as part of the end-of-year omnibus [package], it seems extremely unlikely. With luck, whoever has been refusing to vote the item will finally do so and allow carriers to experience consequences for their misuse of personal data.”
The proposed fines highlight “the unevenness of how privacy is being handled,” emailed Recon Analytics’ Roger Entner: “An app on a phone can do what it wants, yet at the same time the very same conduct on a much smaller scale by an operator is being fined. How does this protect consumer’s privacy? It does not, and the commission attempts to engage in regulatory arbitrage.” The FCC and the companies named didn’t comment. The carriers no longer have programs that were the focus of the earlier NALs.