EFF Hits AT&T With Lawsuit Over Sale Of User Location Data
from the ill-communication dept
We’ve noted a few times now that while Facebook gets a lot of justified heat for its privacy scandals, the stuff going on in the cellular data and app market in regards to location data makes many of Facebook’s privacy issues seem like a grade-school picnic. That’s something that was pretty well highlighted by a wave of massive scandals showing how your daily location data has long been collected by cellular data companies, then sold to a laundry list of dubious individuals and organizations. Outfits that have repeatedly failed to prevent this data from being abused by everyone from law enforcement to stalkers.
The Ajit Pai FCC has yet to lift a finger or so much as scold the companies for their cavalier treatment of private user data. And while cellular giants like AT&T, Verizon, Sprint, and T-Mobile say they’ve stopped the practice in light of these scandals, nobody has actually bothered to confirm this fact. Given the billions to be made, it’s certainly possible these companies may have just made a few modest changes to what’s collected, who they sell this data to, and what they call this collection, but are still engaged in monetizing your daily location habits in some fashion.
Enter the EFF, who this week filed a new class action lawsuit against AT&T (pdf). The suit seeks an injunction to ensure that AT&T can no longer collect and sell this data. The class action represents several California AT&T users who say they were never informed, nor gave consent, for their location data to be used in this fashion:
“Defendants? practices allow Plaintiffs and other AT&T customers to be tracked and targeted by unknown third parties without their knowledge. AT&T leverages the technology embedded within a customer?s phone and its own network infrastructure to locate its customers without any indication that AT&T is tracking them in order to sell their precise location to third parties for non-911 purposes. Indeed, AT&T?s practices were only publicly exposed after an FBI investigation revealed that a sheriff in Missouri had used carrier location data to stalk a Circuit Court Judge and fellow law enforcement officers without their knowledge or consent and without any legal authority to do so. This highly sensitive data has also been used to harass AT&T customers and bypass the rights afforded by the Fourth Amendment.”
The lawsuit also demands that AT&T delete the oceans of data that the carrier has collected and sold over the last decade (a bit tricky given the number of companies this data has long been shared with). It also alleges that AT&T violated the Federal Communications Act by not protecting location data, and California’s Unfair Competition Law and the Consumers Legal Remedies Act by misleading consumers as to the sale of this data. The EFF also states that both the cellular carriers and proxy aggregator companies violated the California Constitutional Right to Privacy.
In a statement to Motherboard, AT&T unsurprisingly promised to fight the lawsuit, and again insisted it had already ceased selling location data to third-party aggregators:
“While we haven?t seen this complaint, based on our understanding of what it alleges we will fight it. Location-based services like roadside assistance, fraud protection, and medical device alerts have clear and even life-saving benefits. We only share location data with customer consent. We stopped sharing location data with aggregators after reports of misuse.”
Having covered AT&T for the better part of several decades, I can promise you that AT&T’s not going to give up this multi-billion dollar market without some form of shenanigans, and that an objective third-party audit confirming AT&T’s claims will be essential in putting these scandals to rest.