The Federal Communications Commission is set to propose about $200 million in fines against four major cellphone carriers for selling customers’ real-time location data, according to three people briefed on the discussions.
The penalties would be some of the largest the agency has imposed in decades and represent the first action it has taken on the issue, though privacy advocates and critics in Congress say even that response is inadequate. The amount is not final, and the companies — AT&T, Sprint, T-Mobile and Verizon — will have the opportunity to respond and argue against the fines.
The trade in location data has emerged as a sensitive privacy issue because it affects hundreds of millions of people and can reveal intimate details about their lives, including personal relationships and visits to doctors. “It puts the safety and privacy of every American with a wireless phone at risk,” Jessica Rosenworcel, a Democratic commissioner at the F.C.C., said in a statement last month about the agency’s investigation.
Sale of the data is widespread among app makers and other technology companies, but the telecommunications sector is subject to more stringent laws protecting customers’ confidentiality.
Ajit Pai, the F.C.C. chairman, said in a letter to the House Commerce Committee last month that the agency’s investigators had concluded that “one or more wireless carriers apparently violated federal law,” but it was unclear at that time what penalty the F.C.C. would suggest.
The F.C.C., scheduled to have a public meeting on Friday, has not yet made the proposal official but has the necessary votes, said the three people, who spoke on the condition of anonymity because they were not authorized to discuss the matter publicly.
Agency officials declined to comment until the final vote was announced. The Wall Street Journal reported earlier that the F.C.C. would be seeking fines in the case.
The investigation stemmed from articles in The New York Times and elsewhere about cellphone carriers’ provision of the data to companies called location aggregators. The Times in 2018 reported that the data was eventually making its way to law enforcement, including to an official who was charged with using it to track people without a warrant.
Location data from cellphone carriers proved valuable because it was consistently available and included almost every American with a mobile phone. Carriers sold access to it for marketing purposes and services like bank fraud protection, under contracts that required location companies to get customers’ consent, for example by responding to a text message or pressing a button on an app. But the contracts could not ultimately prevent abuse. The F.C.C. found that the cellphone companies had broken federal law by being negligent with customers’ information.
Later that year, the companies said in response to questions from an F.C.C. commissioner that they had stopped the practice.
The continued sale of data was the impetus behind the penalties, which amount to tens of millions of dollars for each carrier, people familiar with the matter said. The F.C.C. is fining companies depending on the number of days they allowed the data access to continue.
“I am committed to ensuring that all entities subject to our jurisdiction comply” with the law and the F.C.C.’s rules, Mr. Pai said in his letter to lawmakers.
But the time between the initial 2018 report and the proposed penalties, and the expected size of the fines, has raised the ire of privacy hawks. One Democratic commissioner, Geoffrey Starks, wrote an opinion piece in The Times last year complaining that “nearly a year after the news first broke, the commission has yet to issue an enforcement action or fine those responsible.”
Senator Ron Wyden, an Oregon Democrat who has repeatedly pressured the companies and the F.C.C. over the data sharing, said in a statement on Thursday that the chairman “only investigated after public pressure mounted,” adding that the fines were “comically inadequate” to deter future privacy violations.