The Federal Communications Commission (FCC) is expected to collectively fine four U.S. mobile carriers around $200 million for selling, sharing, and making available to third parties precise, real-time GPS data about their customers’ location. Despite clear evidence of ongoing commercialized privacy invasions and real risks to individual safety, the FCC has done nothing to curb these practices. These penalties are too little and too late.

“This kind of egregious privacy violation and the weak enforcement response by the FCC further demonstrates why the U.S. needs a strong, comprehensive, national privacy law,” said Lisa Hayes, Center for Democracy & Technology Interim Co-CEO. “The current lack of a law means that anyone willing to spend a few hundred dollars can buy the location data of another person at any moment in time. Americans are not willing to tolerate that type of privacy violation. We must have clear controls on the sharing of sensitive data, and strong enforcement powers to ensure that consumers are protected as intended,” Hayes added.

In this case, the carriers likely violated one or more privacy provisions in the Communications Act, but since Congress reversed the FCC’s attempt to extend similar protections to broadband, there is little to stop companies from selling or sharing similar data obtained from their customers’ internet usage. CDT encourages the Commission to pursue strong enforcement actions against privacy-invasive practices, and urges Congress to enact strong privacy legislation.