The sale of location data has become a hot business as smartphones have proliferated and technology for gleaning their whereabouts has become more precise. The information is valuable to marketers, police departments and even investment firms because it can provide revealing details about people’s daily lives, such as where they live, what shops they frequent and what doctors they visit.
The trade in location data is largely unregulated. The F.C.C.’s action is possible only because the telecommunications industry is subject to more stringent regulations than technology companies are. Firms ranging from small app makers to tech giants like Google collect massive amounts of the data from GPS, Wi-Fi and other signals, without specific laws addressing what they can do with it.
Cellphone carriers aimed to get a chunk of the business through deals with so-called location aggregators, middleman companies that provided the information to other businesses. Cellular network data is often less precise than information from apps, but it covers the vast majority of the population and is almost always available.
To protect privacy, the carriers relied on a system of contracts that required location companies to seek customers’ consent — by responding to a text message, for example, or pressing a button on an app. But the carriers failed to catch multiple companies and people following customers without their permission.
The F.C.C. said it began its investigation immediately after an article in The New York Times showed how the system had led to privacy breaches. The Times in 2018 reported that the data was eventually making its way to law enforcement, including to a former sheriff who used it to track people without a warrant. He gained access by uploading documents he falsely claimed were legal orders — including his car and health insurance policies and work training manuals, according to local news reports of his prosecution.
Securus Technologies, the company that offered the data to law enforcement, is better known for providing telephone services to inmates. Mr. Pai, the F.C.C. chairman, represented Securus while working at a law firm in 2011; he also worked as a lawyer for Verizon.
After the Securus episode, the companies said they would sharply limit the practice. But in early 2019, the technology website Motherboard showed that carriers were still selling data, and that it was ending up in the hands of bounty hunters.