AT&T was hit with a lawsuit Tuesday accusing it of selling customers’ real-time location data to third parties like credit agencies and bail guarantors, along with bounty hunters and stalkers, without having customer consent.
The Electronic Frontier Foundation (EFF) and Pierce Bainbridge Beck Price & Hecht LLP are representing three AT&T customers in the class action suit against AT&T and other data aggregation companies, explicitly singling out LocationSmart and Zumigo.
“The location data AT&T offered up for sale is extremely precise and can locate any of its wireless subscribers in real-time, providing a window into the intimate details of their lives: where they go to the doctor, where they worship, where they live, and much more,” said Abbye Klamann Ognibene, an associate at Pierce Bainbridge, said in an EFF press release.
The press release points to an investigation by Motherboard from earlier this year that alleged major mobile networks like AT&T, T-Mobile and Sprint were selling access to customers’ location data to entities such as bounty hunters, car dealerships, or landlords.
Tuesday’s lawsuit by the EFF alleges that AT&T violated the Federal Communications Act and engaged in deceptive practices. the EFF also said that AT&T, Zumigo and LocationSmart violated constitutional, statutory, and common law rights to privacy under California state law.
“AT&T and data aggregators have systematically violated the location privacy rights of tens of millions of AT&T customers,” said EFF Staff Attorney Aaron Mackey in a statement. “Consumers must stand up to protect their privacy and shut down this illegal market. That’s why we filed this lawsuit today.”
EFF is looking to prohibit the mobile network giant from selling further location data and for AT&T to return or destroy any location data that was sold by the network.
AT&T told Digital Trends that it no longer shares location data with aggregation companies and plans to fight the lawsuit.
“The facts don’t support this lawsuit, and we will fight it. Location-based services like roadside assistance, fraud protection, and medical device alerts have clear and even life-saving benefits. We only share location data with customer consent,” ” a spokesperson for AT&T told Digital Trends. “We stopped sharing location data with aggregators after reports of misuse.”
According to its website, LocationSmart is a cloud location service that provides “privacy-protected location services from multiple sources including carriers, Wi-Fi, IP addresses, device SDK and landlines…”
LocationSmart told Digital Trends, “LocationSmart will fight this lawsuit because the allegations of wrongdoing are meritless and rest on recycled falsehoods. LocationSmart’s API platform facilitates life-saving and other vital location-based services, which require end-user consent.”
Zumigo is a similar service that “ensures user authenticity and prevents fraud by combining mobile identity and location.”
Digital Trends reached out to LocationSmart and Zumigo for comment on the lawsuit and the alleged claims, but we’ve yet to received a response.
