Lots of big companies have come under the scanner for infringing user privacy and selling data to obscure third-party aggregators ever since Facebook data breach. For some time now, speculations have been rife that despite their avowed commitment to user privacy, most of the companies are willfully violating user privacy and clandestinely turning it into a revenue source. There is no smoke without fire and the speculations were not entirely baseless.
Jessica Rosenworcel, Commissioner, FCC (Federal Communications Commission), wrote a letter to the four American telecom companies on May 1, 2019, seeking details about their data handling and any sort of collaboration with other companies that offer location-based services.
In reply to the letter by four big American telecom companies – AT&T, T-Mobile, Sprint, and Verizon – which has been made public, all of the four companies claim to have stopped sharing user data without authorization by the user.
Most of the companies continued to sell user location data to companies even after explicitly declaring in June last year that they would discard the practice of selling data to monetizing firms. Clouds of suspicion continued to hover over the companies’ data handling and it was revealed in an investigation by Motherboard that companies like AT&T and T-Mobile continued selling data to third-party companies like Zumigo and Microbilt.
AT&T uses loophole
Verizon and AT&T were among the first companies that declared that they are eschewing selling location data and would take preventive measures and corrective action to strengthen user privacy.
Surprisingly, while AT&T has conceded that it sold location data and said that it has now finally terminated the practice, it has also defended selling location data based on a technicality. In the letter to the FCC, AT&T said that the data being sold was not illegal per se as per the FCC guidelines.
The type of data, knowns as A-GPS data, is usually collected for GPS-based services and emergency services and as per AT&T, selling it isn’t against US Federal Law. However, at the same time, AT&T categorically said that it has discontinued selling user-data and has no plans or intent of resuming it again.
“While A-GPS is certainly used by 911 dispatchers to assist in locating individuals in emergency situations, it is also an important feature commonly used by app developers to provide location services. For example, ride-sharing apps use A-GPS to make sure the car shows up in the right location. For these reasons, reports of purported improper use of A-GPS are incorrect,” writes Joan Marsh, AT&T’s executive vice president of regulatory and state external affairs.
AT&T also said that it stopped sharing any location data with third-party aggregators in March 2019 and has also asked its partners to delete any AT&T customer data that they might have.
All of the companies, except Sprint, said in the letter that they have already stopped selling data to third-party sellers. Sprint said that the process of ending location-data sale is ongoing and May 31 onwards the company would not share location data with any firm. However, it has not outlined any further details regarding the process or the targets it has set.