Bottom line: Last month, FCC Chairwoman Jessica Rosenworcel contacted 15 of the top mobile providers to ask specific questions about how their company handled data retention, privacy, and security. She took the inquiry one step further last Thursday and made the carrier responses available to the general public. The responses indicate that 10 out of 15 carriers employed data-related practices that collected and stored geolocation data, often without the user's knowledge and with no ability to opt-out of it.
The press release dated August 25 provides readers with links to each carrier's response to the FCC's list of questions. The same questions were provided to all 15 wireless carriers about their geolocation data retention and data sharing practices. The questions focused on specific areas including collection policies, retention, storage locations, user notification and opt-out, and policies related to data sharing with law enforcement agencies.
BREAKING: Chairwoman @JRosenworcelFCC just shared the responses from the nation's 15 top mobile carriers following a request for information about their data retention and data privacy policies and practices: https://t.co/yYRiKOYkJr— The FCC (@FCC) August 25, 2022
The initial request for information sent to each company cited the FCC's previous efforts to protect user location data. In February 2020, the Commission proposed $200 million in fines to four of the nation's largest wireless carriers for selling and failing to properly secure user location data.
The sale and improper handling of user location data is a problem, and unfortunately not a new one. In fact, it's part of a multi-billion dollar location intelligence market where user data equals dollar signs. The data is bought and sold by data collectors, aggregators, and location intelligence firms that specialize in analyzing and reselling the datasets to aid buyers in identifying various market trends.
Specialized companies who simply buy and sell location data are not the only ones to benefit from this massive exchange of user information. Earlier this year, Emergen Research released a report on the top companies in the location analytics market. The list identifies more than a few household names, including Microsoft, IBM, Google, Oracle, and SAP.
Many of the mobile carrier responses indicated that users were not given the ability to opt-out of data gathering efforts in order for their organization to maintain compliance with law enforcement and current government regulations regarding user location data.
Two third of the responses said the data is collected for specific purposes and kept for anywhere from several months to several years in data centers across North and South America, Europe, and Asia. Only seven of the respondents indicated the collected data was encrypted.
It doesn't look like FCC's efforts to protect users and their data will stop with the receipt of the carrier responses. In their release, the FCC stated that their Enforcement Bureau is now tasked with launching a new investigation to further determine each organization's compliance with the Commission's regulations.
In addition to the responses and Enforcement Bureau actions, Thursday's press release invites users with concerns and those wishing to file privacy complaints to submit their experience on the FCC's Consumer Complaints Center website.