in Newswire Published on May 3, 2019

AT&T Hit with Class Action Over Customer Geolocation Data Sharing Practices [UPDATE]

by Erin Shaak

Last Updated on February 28, 2020

View Comments

Morrison v. AT&T Mobility, LLC

Filed: April 29, 2019 § 1:19-cv-01257

Read Complaint

AT&T faces a proposed class action lawsuit in which the telecommunications company is accused of failing to protect customers’ geolocation data from unauthorized use by third parties.

Defendant(s)

AT&T Mobility LLC

Law(s)

State(s)

Maryland

Categories

Technology Privacy

Case Updates

Update – November 12, 2019 – Lawsuit Sent to Arbitration

The lawsuit detailed on this page, as well as similar proposed class actions filed earlier this year against Verizon, T-Mobile and Sprint, has been sent to arbitration by a Maryland federal judge.

U.S. District Judge James K. Bredar wrote in a memorandum opinion addressing each case that the plaintiffs’ claims that the carriers’ arbitration provisions are “procedurally and substantively” unconscionable “fail as a matter of law,” and therefore “need not” be addressed by the court.

While the court conceded that claims about the defendants’ geolocation data sharing practices, if true, are “indeed troubling,” courts, the judge wrote, are prohibited from treating arbitration “as an inferior or less reliable means of vindicating important substantive rights.” 

“Even if Defendants did engage in egregious conduct, courts must avoid considering the merits of a claim in deciding whether a dispute is arbitrable,” the opinion reads, adding that the plaintiffs “have offered no legal justifications for departing from this well-established precedent.”

As government scrutiny heightens over the handling of consumers’ private information, AT&T faces a proposed class action lawsuit in which the telecommunications company is accused of failing to protect customers’ geolocation data from unauthorized use by third parties.

Filed in Maryland federal court, the lawsuit says AT&T sells customer data to third parties, such as data aggregators, with little to no oversight of how that data is to be used. The result, the case says, is that customers’ private location information is negligently passed down by AT&T into the hands of “literally anybody who is looking.”

The issue first came to light, according to the complaint, in May 2018 when Senator Ron Wyden (D-OR) warned in a letter to AT&T that correctional facility telephone service provider Securus Technologies had been collecting real-time location information about AT&T customers and storing it in a web portal that was accessible to the government. The fact that Securus had access to this private information concerned the senator, the lawsuit says, and suggested that AT&T “does not sufficiently control access to [its] customers’ private information.”

The lawsuit explains that Securus had purchased the information from a third-party data aggregator that had a commercial relationship with major wireless carriers such as AT&T.

In a reply letter, AT&T, among other defenses, maintained that it only shares customer data when the customer consents to such disclosure, and that it had not authorized Securus’s use of the collected customer information for storage in a web portal.

The case then delves into a January 2019 Motherboard article in which the news outlet investigated the geolocation data sharing of major telecommunications companies like AT&T. As part of the investigation, a journalist paid a bounty hunter $300 to locate a cell phone, the suit says, and he “did just that” with the help of location data originally provided by wireless carriers. According to the article,  “a wide variety of companies” and “smaller players” can access customers’ geolocation data through third parties, such as data aggregator MicroBilt, that sell the information with little oversight. The data eventually ends up in the hands of a variety of private parties “ranging from car salesmen and property managers to bail bondsmen and bounty hunters,” the suit reads.

“In essence, AT&T was relying on the end user of the location data not to abuse the data, or not to obtain the data under false pretenses,” the complaint reads. “In practice, the end users exercised no oversight over the process whatsoever.”

The lawsuit argues that AT&T owes a duty to its customers to protect their data from such unauthorized use by extending more oversight over the companies to which it sells customer data.

The company is currently being investigated by the Federal Communication Commissions (FCC) and Federal Trade Commission.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on February 28, 2020 — 2:34 PM

Erin Shaak

erin@classaction.org

Erin works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.