AT&T and T-Mobile Say They’ll Stop Selling User Location Data

Third-party partnerships could end in March

AT&T paid a reported $1.6 billion for AppNexus in 2018. Getty Images
Headshot of Marty Swant

AT&T and other telecom companies say they plan to stop selling sensitive customer location data to third parties.

The decision, announced on Thursday evening, comes days after an investigation by Motherboard found how easily it can be to access location data for AT&T, T-Mobile and Sprint customers. The report, which chronicled a journalist hiring a bounty hunter to track down their cell phone location using telecom data, led to several lawmakers calling for an investigation into the practice of data sharing. In addition to online privacy advocates in Congress, FCC commissioner Jessica Rosenworcel tweeted that the organization “needs to investigate. Stat.”

This isn’t the first time AT&T has been in the spotlight for its data-selling, which critics worry could be used by stalkers or child predators to track down people based on their cell phone location. Last year, an investigation by U.S. Sen. Ron Wyden, D-Oregon, found that a corrections facility was able to track Americans through a third party known as Securus to get “unrestricted access” to locations of customers. The FCC opened an investigation 10 days later, while AT&T, Sprint, T-Mobile and Verizon said they would stop using the practice. However, some continued using location data in ways that the companies thought might be helpful to consumers.

An AT&T spokesperson confirmed the news via email, adding that the company is “immediately eliminating the remaining services and will be done in March.”

“Last year, we stopped most location aggregation services while maintaining some that protect our customers, such as roadside assistance and fraud prevention,” the spokesperson said in a statement. “In light of recent reports about the misuse of location services, we have decided to eliminate all location aggregation services—even those with clear consumer benefits.”

After the Motherboard report was published, Wyden described the details as “disturbing” in a tweet, adding that the practice is “a nightmare for national security and the personal safety of anyone with a phone.”

Wyden also pointed out how several telecom companies had told him last year that they would end their data sharing practices. “I keep my word,” T-Mobile CEO John Legere tweeted in response.

“T-Mobile IS completely ending location aggregator work,” Legere wrote. “We’re doing it the right way to avoid impacting consumers who use these types of services for things like emergency assistance. It will end in March, as planned and promised.”

The revelations come at the beginning of a new Congress that could likely address the online privacy issues that continue to plague social media platforms and their users. Last year, Facebook repeatedly came under fire for the ways it allowed the now-defunct data firm Cambridge Analytica to gain access to user data. The increased worries over privacy led several lawmakers to introduce legislation to limit what companies can collect about consumers, while California passed its own statewide law that will go into effect in 2020.

Legislation at the federal level could be introduced at the federal level later this month. It’s also possible that Congress might invite telecom executives to testify about their data practices—much as like Facebook CEO Mark Zuckerberg, Google CEO Sundar Pichai and Twitter CEO Jack Dorsey did in 2018. However, as Congress continues to grapple with the ongoing government shutdown, it’s unclear whether lawmakers will be able to gain enough attention or traction to address online privacy to the extent some lawmakers would like.

@martyswant Marty Swant is a former technology staff writer for Adweek.