Federal Communications Commission 
Washington, D.C. 20554



Geoffrey Starks 
 Commissioner

August 4, 2020

Hans Vestberg, CEO
Verizon Communications
1095 Avenue of the Americas
New York, NY 10013

Dear Mr. Vestberg:

In February, the Federal Communications Commission completed its investigation of telecommunications carriers and published a Notice of Apparent Liability (NAL) 	Verizon Communications, Notice of Apparent Liability for Forfeiture and Admonishment, 35 FCC Rcd 1698 (EB 2020) (Verizon NAL).
, alleging misuse of customer location data and violation of Section 222 of the Communications Act by Verizon Communications (Verizon). As stated in the NAL, “the precise physical location of a wireless device is an effective proxy for the precise physical location of the person to whom the phone belongs…. Exposure of this kind of deeply personal information puts those individuals at significant risk of harm—physical, economic, or psychological.”     Verizon NAL at para 85.


Our investigation identified failures at Verizon to protect customer proprietary network information. For example, failures to prevent location-based service providers from misusing customer location information were reported by the New York Times in 2018. 	See Jennifer Valentino-DeVries, “Service Meant to Monitor Inmates’ Calls Could Track You, Too,” New York Times (May 10, 2018). 
 Verizon responded in June 2018, stating it was initiating proceedings to terminate contracts with location information aggregators as soon as possible. Despite these indications, Verizon continued its contractual relationships for nearly a year, and even implemented an alternative program (Direct Location Services program) for location-based service providers. Verizon did not terminate all service provider access to customer location information until March 30, 2019—324 days after the New York Times article; the Direct Location Services program continued through July 2019.

Here again I find myself inquiring about data and privacy issues that lack transparency. Accordingly, I write today to seek additional information about Verizon’s practices and procedures for protecting consumer information—particularly location data—and its commitment to data privacy. This inquiry comes on the heels of a letter recently filed by a bipartisan group of members of Congress with the Federal Trade Commission and a report published by the Wall Street Journal.	See Byron Tau and Patience Haggin, “Lawmakers Urge FTC Probe of Mobile Ad Industry’s Tracking of Customers,” The Wall Street Journal (July 31, 2020).
 The report explains that companies in the advertising technology industry are selling private data about millions of Americans, including location data tracking them to places of worship and protests—including, alarmingly, lawful Black Lives Matter protests. Accordingly, I am interested in Verizon’s allowance of and participation in these practices following our above-mentioned NAL proceedings, as they appear to promote similar threats to consumer privacy by different means. Please provide me with full responses to each of the following questions:

1. Indicate whether Verizon Communications, any of its subsidiaries or any corporate affiliates (including, but not limited to, Verizon Media and/or any media products obtained through the acquisition of AOL or Yahoo), have ever bought, sold, shared, or received the “bidstream” data referenced in the above-referenced congressional letter and the Wall Street Journal report. Please describe the full range of these practices, including when Verizon and/or the relevant subsidiary or affiliate began engaging in them.  
2. Provide the number of real-time bidding auctions where Verizon (including affiliates or subsidiaries) has participated and location data inside the United States was provided. Provide this information for each year since the practice began. If the practice is ongoing, please provide partial information for 2020.  
3. What policies do you have in place to prohibit the tracking of Americans attending protests, including the Black Lives Matter protests?
4. What policies do you have in place to minimize or destroy location data related to sensitive locations, including places of worship and medical facilities? How do you monitor compliance by other participants in the “bidstream” ecosystem?
5. In connection with the above-referenced NAL, Verizon indicated an end to its location-based services business model in July 2019. Explain why the practices you identify in response to Question 1 are not the functional equivalent of the practices Verizon claimed it had discontinued. 
6. Explain what authentication measures Verizon (including affiliates or subsidiaries) has requested or implemented for real-time bidding auctions to ensure customer data is being used for targeted advertising and not being inventoried.

I appreciate your attention on this matter, and I look forward to your responses. I also look forward to our collaborative efforts to ensure consumer protection and data privacy. I view this as an urgent matter. Please send your response to me electronically to Geoffrey.Starks@fcc.gov and Austin.Bonner@fcc.gov no later than August 25, 2020. If you are unable to answer the above-listed questions as of the deadline, or if there are any material changes to your responses after submission, please notify my office immediately.


Regards,



Geoffrey Starks