The U.S. Court of Appeals for the District of Columbia Circuit this week upheld the Federal Communications Commission (FCC) ruling fining T-Mobile about $92 million for selling customers’ location information (CLI) to data aggregators who then resold it to third parties. The decision follows a broader FCC action last year that levied nearly $200 million in penalties against T-Mobile, AT&T, and Verizon for similar data-sharing practices with aggregators such as LocationSmart and Zumigo.
Regulators found that the carriers failed to implement reasonable safeguards to protect location data and effectively attempted to shift responsibility to downstream recipients, often without obtaining valid customer consent. The investigations showed that the carriers continued to sell CLI even after becoming aware that their safeguards were failing.
Financially, T-Mobile faced roughly $80 million of the total, with an additional $12 million attributed to its Sprint merger. AT&T and Verizon were fined $57 million and $47 million, respectively. All three operators challenged the ruling; AT&T’s penalty was overturned in a separate ruling, while T-Mobile’s bid to overturn or reduce the fines was rejected by the court.
U.S. District Court Judge Florence Pan stated that, based on undisputed facts, the carriers did violate the Communications Act and that the Commission did not exceed its authority. The petitions for review were denied, leaving the penalties intact.
The decision comes as attention remains on Verizon, which is contesting its own $47 million fine in a separate case. T-Mobile has not indicated whether it will pursue further appeals. The ruling underscores the FCC’s ongoing commitment to enforcing data-protection standards and holding mobile operators accountable for sharing customer location data without proper consent.