FCC Seeks New Privacy Rules For Mobile Service Providers
September 13, 2022 | 4 minutes read
As smartphones have become the primary mechanism that enables businesses and organizations to gather a wide range of personal information from consumers around the world, many privacy advocates and regulators around the U.S. have called for more rigorous standards to be imposed against the multitude of mobile services providers that currently operate within the marketplace. Subsequently, new findings proliferated by the Federal Communications Commission (FCC) have found that there are major discrepancies between the ways in which the nation’s top 15 mobile service providers are required to safeguard the privacy and personal data of their respective customers.
Likewise, current FCC chairwoman Jessica Rosenworcel was quoted last month as saying that “Carriers know who we are, who we call, and where we are at any given moment.” To illustrate this point further, the multinational Germany-based phone carrier T-Mobile was recently ordered to pay more than $500 million in July of this year in response to a data breach that took place in August 2021. During the breach in question, it has been alleged that more than 76 million consumers effectively had their personal data stolen by a group of hackers that were able to infiltrate T-Mobile’s security systems.
Data retention practices
Staying on the topic of T-Mobile, one of the primary factors that enable hackers to launch data breaches against large-scale mobile services providers is the length of time that such businesses retain the personal information of their customers. To this end, there are no laws or regulations that govern the manner in which a mobile services provider is required to retain personal data, as T-Mobile reportedly stores the personal information they obtain from consumers for up to 24 months. What’s more, some mobile services providers also store certain forms of personal information longer than other data elements, including AT&T, which reportedly stores numerous forms of personal data obtained from customers for periods of time ranging from 13 months to 5 years.
Alternatively, Verizon Wireless, the largest mobile phone carrier in the U.S., has publicly stated that they store the personal information of their customers for no more than 1 year. Due to the inherent lack of industry standards that exist as it concerns mobile service providers, it can be difficult for consumers to identify the specific means that a particular provider will use to secure their personal data, much less how long such data will be retained by a provider. On top of this, there are also no industry standards that govern the sale of personal data that is obtained from consumers that utilize mobile phone services, aside from the handful of states around the country that have enacted data protection legislation in recent years, including the California Consumer Privacy Act (CCPA), among others.
Federal data privacy law
To this last point, the regulation of mobile service providers within the U.S. is one of the many issues that fall under the larger umbrella of federal data privacy around the country. In lieu of a comprehensive data protection law that is enforced by the U.S. federal government, a business such as a mobile services provider is only required to adhere to the laws and regulations that are present within a particular state or jurisdiction within the country. As the overwhelming majority of U.S. states have yet to enact legislation regarding data privacy, this essentially means that the average consumer is left out in the cold as it pertains to the security of their personal data, as they will effectively be at the mercy of whatever mobile service provider they have access to at any given time.
Roe v. Wade
In addition to the bevy of personal privacy issues that citizens within the U.S. have been dealing with for the past decade, the overturning of Roe v. Wade in June of this year has added another level of uncertainty for many people around the country. As many state legislatures have begun the process of outlawing the practice of abortion in the states in which they preside, many citizens have expressed concern about their ability to exercise their reproductive healthcare rights due to the trove of location data that is collected from smartphones on a daily basis. Furthermore, even when a person turns the location data feature on their mobile phone off, these consumers may still be tracked through other mobile applications or search engines that are downloaded on their devices, as several class action lawsuits in the past few years have demonstrated.
Due to the rise of smartphones in the past decade, as well as the personal data that can be collected from the users of such devices, many businesses have looked to use this data to deliver new advertisements to consumers in an effort to increase their reach and ultimately, their revenue. However, these business goals must not infringe on the ability of American citizens to protect their personal privacy and data, irrespective of any legislation that may be currently on the books at both the federal and state levels. As a result, while the FCC’s most recent push to further regulate the mobile services provider industry may never bear fruit, these businesses must be governed in some fashion if American citizens will ever be able to truly protect their personal information.