The rumors were true: the FCC wants to fine major carriers for their approach to selling phone location data. The regulator has proposed a total of $208 million in fines against the top four US carriers for reportedly selling access to location info without "reasonable measures" to prevent unauthorized access. T-Mobile would face the (relatively) stiffest penalty with over $91 million, while AT&T could be fined over $57 million. Verizon (Engadget's parent company) could be hit with a roughly $48 million fine, while Sprint would 'only' have to contend with a $12 million fine.
The networks followed a similar pattern, according to the FCC. They sold location access to aggregators that themselves resold access to service providers, with each carrier relying largely on "contract-based assurances" that they'd get permission from customers before accessing that info. As you might have guessed, that didn't always happen -- one Missouri Sheriff, Cory Hutcheson, got access to "hundreds" of customers' data without permission between 2014 and 2017.
There were no mentions of allegations that carriers continued to sell location data despite assurances they would stop. The FCC stressed that the accusations and proposed penalties weren't final, however.
It won't surprise you to hear that there's opposition to the fines. A T-Mobile spokesperson claimed to Engadget that the carrier "took quick action" and was the first carrier to stop selling location data, but that it "fully intend[s] to dispute" the FCC's proposal. We've asked AT&T, Sprint and Verizon for comment as well.
Any fines won't do lasting financial damage to these networks when they frequently earn more money than this in a single day, but that's not entirely the point. The FCC ultimately wants the companies to do a better job of locking down data, including verifying permission directly with customers. That could force them to institute stricter policies, and might reduce the allure of selling data when it can't be used to track people without their consent.