Most top mobile carriers retain geolocation data for two years on average, FCC findings show
Ten of the top 15 mobile carriers collect geolocation data and provide no way for consumers to opt-out, according to information from the telecom companies the Federal Communications Commission published Thursday.
The carriers’ answers to questions about data collection and retention from the FCC come in response to a July request from the agency seeking information on geolocation practices in light of concerns about how law enforcement could use phone data to arrest abortion-seekers in states where the procedure is now illegal or will soon be outlawed.
AT&T, Best Buy Health, Charter, Comcast, Consumer Cellular, C-Spire, DISH Network, Google FI, H2O Wireless, Lycramobile, Mint Mobile, Red Pocket, T-Mobile, U.S. Cellular and Verizon responded to the FCC inquiry.
“Our mobile phones know a lot about us. That means carriers know who we are, who we call,
and where we are at any given moment,” said FCC chairwoman Jessica Rosenworcel. “This information and geolocation data is really sensitive. It’s a record of where we’ve been and who we are. That’s why the FCC is taking steps to ensure this data is protected.”
In their responses, companies generally cited the need to comply with law enforcement requests as well as FCC rules as their reason for being unable to allow consumers to opt-out of collection and retention.
The responses also provided a window into data retention practices, which ranged from two months to five years for cellular tower data for the responding companies. Only seven of the companies explicitly mentioned protecting that data with encryption.
Geolocation data offers a detailed window in the lives of users, including everything from where they shop to what medical providers they seek out.
The agency isn’t relying on the carriers’ responses, however. Rosenworcel tasked the agency’s Enforcement Bureau with a follow-up investigation into making sure carriers follow the FCC rules that require them to disclose how they are using and sharing geolocation data.
Justin Brookman, director of technology policy at Consumer Reports, said the order is an “appropriate step” but consumers still need more protections.
“I’m glad that there’s some more transparency now but that transparency only goes so far,” said Brookman. “I think the next step is the FCC needs to say when is holding on too long, when are the secondary uses to which they’re using the data too much?”
Carriers have misled consumers about how they use their geolocation data before. In 2020, the FCC proposed more than $200 million in fines against several major carriers for selling customer location data to bail bond companies and other third parties.