What just happened? T-Mobile drew customer ire earlier this year after quietly updating its privacy settings to include a new section that automatically opted users into "Profiling and automated decisions." Now, the carrier is facing renewed backlash for adding two additional privacy settings that permit the sharing of user data with third parties.
T-Mobile's Privacy Center has quietly added two new toggles, and both enabled by default. The first, labeled "Fraud and identity theft protection," allows the carrier to share users' personal data with third parties, ostensibly to help prevent fraud. The shared information includes account details, usage activity, communication patterns, and interactions with potentially malicious URLs.
According to T-Mobile, this data is shared with companies where the user also holds an account, with the stated goal of stopping fraudulent transactions. For example, the carrier says banks could use the feature to flag suspicious activity, such as sudden changes to a customer's contact information.
The second option, labeled "Sharing certain financial information," raises even more concerns. It permits the carrier to share users' financial data – including payment history and account balances – with financial institutions, affiliate marketers, and even unaffiliated companies for targeted advertising purposes.
T-Mobile states that it collects this financial information when users open a postpaid account, apply for device financing, make payments, or engage in other transactions. While the company claims the changes are intended to enhance online security, the lack of transparency is troubling. It has not disclosed which third parties are receiving this data.
The only silver lining with these new settings is that they can be turned off via the official T-Mobile app or website. To do this in the app, tap the gear icon at the top, navigate to "Privacy and Policies," select "Privacy Dashboard," and toggle off the contentious options. To make the changes online, you can click here.
T-Mobile is rolling out these new privacy settings just a month after hackers claimed to have stolen the personal details of 64 million customers. The leaked data reportedly includes a wide range of personally identifiable information such as full names, dates of birth, addresses, phone numbers, and more. T-Mobile, however, has denied the breach and claims that the data does not belong to its customers.
Image credit: Tmo Report