Advocacy Groups Applaud FCC Release of Information on Mobile Data Collection: Broadband Breakfast

WASHINGTON, Aug. 29, 2022 — Advocacy groups support the Federal Communications Commission’s decision to publicly release information about how major wireless carriers store and distribute customer location data.

Thursday, the president of the FCC Jessica Rosenworcel relevant letters made public that were submitted by the 15 major U.S. wireless carriers in response to an FCC request issued last July. The group of respondents includes telecommunications giants AT&T, Comcast, Spectrum Mobile, T-Mobile, Verizon and Google.

“The FCC has a responsibility to ensure that carrier privacy practices continue to evolve with technology,” said Harold Feld, senior vice president of Public Knowledge, in a statement. “These letters show that…carrier geolocation data practices are all over the map.

“The FCC has said it will continue to investigate whether the carriers’ practices violated any laws,” Feld added, “but the FCC can and should do more.”

justin brookmandirector of technology policy at Consumer Reports, said he thinks government oversight of mobile carriers is needed: “People have no choice but to share very sensitive data like geolocation with mobile carriers. mobile operators only for these products to work.There should be substantial constraints on what they do with this information and for how long they retain it.

Does your mobile operator share your data with third parties?

In its response to the FCC, Google states: “Google Fi does not share data with non-law enforcement third parties without subscriber consent, except as necessary to provide Google Fi services. or as required by law”. Google’s privacy policy, however, shows a broad definition of “necessary to provide Google Fi services”.

The policy states that Google regularly shares customer data – including location data – with “trusted” third parties to improve its services. And while Google does not provide an example of how location data is distributed, it does provide other examples of third-party access to users’ personal information.

“We also use service providers to help review YouTube video content for public safety and analyze and listen to samples of recorded user audio to help improve Google’s audio recognition technologies,” the policy says.

Most of the other responding carriers stated that they do not provide location data to third-party entities under any circumstances (apart from law enforcement). AT&T, however, shares user information – including location data – with third-party advertisers on an opt-out basis. AT&T customers can also opt-in to “Enhanced Relevant Advertising,” which sends more comprehensive data to third parties.

And Verizon also doesn’t fully withhold customer information, he said. The carrier attested to having used the data “…to help [Verizon] and the actions of other companies’ wireless customers as a whole. Customers can opt out of this data sharing initiative, however.

Collection and storage of data by carriers

There are commonalities in carrier data collection and storage methods, according to an analysis of the letters. Most highlighted their commitment to user privacy, detailing security measures including extensive employee training and data encryption. Many operators’ responses are also tied to publicly available privacy policies.

Operators that operate on their own mobile networks collect geolocation data from cell towers. Such collection is necessary to carry cellular signals and perform basic cellular functions like calling and texting. Some carriers, including AT&T, Verizon, and Google, also collect geolocation data from proprietary apps or other software.

Mobile virtual network operators – for example, Lively, Xfinity, Spectrum Mobile – do not have their own networks. MVNOs use the networks of partner providers. Comcast’s Xfinity, for example, uses Verizon’s cell towers, as does Spectrum Mobile.

Unlike mobile network operators, MVNOs said they only receive non-specific location data needed for their basic operations. According to the response from the CEO of Red Pocket Mobile, Joshua Gordon“Such generalized data provides no insight into a customer’s precise geolocation and is not generally considered ‘geolocation data’ in the telecommunications industry.”

Once the geolocation and non-specific location data has been collected, it is generally kept for a period of one to two years, depending on the operator. Notably, AT&T said it retains certain non-location-specific cell tower data for a period of five years. Another outlier is Consumer Cellular, which, according to his answer, stores data online for four months and then transfers the data to an offline database where it is stored indefinitely.

The letters come after the House Energy and Commerce Committee last month passed federal privacy legislation, known as the American Data Privacy and Protection Act, which would establish a data privacy framework and mechanisms. application for this one. Verizon applauded the legislation in its submission to the FCC.

Comments are closed.