by Ernesto Mendieta
On February 28, 2020, the Federal Communications Commission proposed fines amounting to over $200 million dollars against the four largest wireless carriers in the U.S., alleging that the companies broke the law by not taking reasonable measures to protect customers' private location information and allowing third parties to have unauthorized access to it.
The Communications Act requires telecommunications carriers to protect the confidentiality of certain customer data known as CPNI (Customer Proprietary Network Information), which is related to the provision of telecommunications service and includes the customer location information. The FCC's CPNI rules make clear that carriers must take reasonable measures to discover and protect against attempts to gain unauthorized access to this data. The rules also require that carriers or those acting on their behalf generally must obtain affirmative, express consent from a customer before using, disclosing, or allowing access to this data. And carriers are liable for the actions of those acting on their behalf.