By Drew FitzGerald and Sarah Krouse

Verizon Communications Inc., AT&T Inc. and Sprint Corp. pledged to stop sharing customer locations with two data brokers after at least one company revealed individuals' whereabouts without their consent.

Verizon said it would wind down data-sharing agreements with LocationSmart and Zumigo Inc., which buy the location data from major U.S. carriers and allow other businesses to access the information for everything from marketing nearby shops to preventing credit-card fraud.

"We will not enter into new location aggregation arrangements unless and until we are comfortable that we can adequately protect our customers' location data," Verizon privacy chief Karen Zacharia wrote in a June 15 letter to Sen. Ron Wyden (D., Ore.), who wrote all four national wireless operators last month asking them about their privacy practices.

Ending those partnerships will take several weeks to a couple of months, a Verizon spokesman said Tuesday.

In a statement Tuesday, AT&T said it "will be ending our work with aggregators for these services as soon as practical in a way that preserves important, potential lifesaving services like emergency roadside assistance."

Sprint "suspended all services with LocationSmart" last month and "is beginning the process of terminating its current contracts with data aggregators to whom we provide location data." A spokeswoman said that effort "will take some time in order to unwind services to consumers, such as roadside assistance and fraud prevention services."

The U.S. phone carriers are the latest corporate giants promising to improve their privacy standards after embarrassing revelations about their handling of customer data. Facebook Inc. continues to face questions from government authorities in several countries after the social network revealed that data firm Cambridge Analytica obtained data on as many as 87 million of its users without the company's permission.

LocationSmart and Zumigo have contracts with the four U.S. wireless companies that allow them to pull cellphone users' locations in real time and share them with other businesses. For example, the carriers say truck rental firms use the data to better assist customers on the road and banks use the data to determine proximity to a caller's home to help confirm their identity.

All four carriers said their agreements with the data aggregators required them to get users' consent to use their location information. Some users consent to sharing their cellphone location information when they do business with financial institutions or other companies from which they are buying services. Those firms often include that request for permission in lengthy terms and conditions policies.

It is unclear whether consumers will notice a change after the partnerships end. It wouldn't affect location data that customers agree to share with applications such as Uber Technologies Inc. and Google Maps through their cellphone's operating system. Software on Apple Inc.'s iPhones and Google's Android smartphones help those mobile apps identify users' locations.

Chirag Bakshi, Zumigo's founder and chief executive, said Verizon told his company it has until November to agree on a solution that more tightly controls customer data. Mr. Bakshi said the San Jose, Calif., company handles fewer than 100,000 location requests a day, mostly on behalf of financial institutions seeking to root out fraud and of shipping companies tracking truck movements.

"We're very careful in who we select as customers and we only do this for companies who are very well known," Mr. Bakshi said in an interview. "This is to protect consumers"

More than 100 companies ranging from truck fleet operators to online lotteries draw on location data that ultimately flows from LocationSmart, Mario Proietti, the company's chief executive, said in a May interview.

He said LocationSmart logs each location request made through its system. "All our location is on request," except for developers testing the system, he said. "There's not tracking going on."

The wireless providers took action after the New York Times reported that a prison telephone company called Securus Technologies had expanded a service designed to monitor inmate calls with a website that let sheriffs and corrections officers find any cellphone user's location without a court order.

The carriers said that service was unauthorized and had accessed the information through another third-party, 3cinteractive Corp., that in turn obtained the data from LocationSmart. Representatives from 3cinteractive didn't respond to requests for comment.

Securus spokesman Mark Southland said in a statement that the company adheres to its contract, adding that cutting off law enforcement access to location tools "will hurt public safety and put Americans at risk."

All four carriers said in separate letters to Sen. Wyden that they curtailed Securus's access to customer-location data. T-Mobile US Inc. stopped short of cutting off LocationSmart.

A LocationSmart spokesman on Tuesday said the Carlsbad, Calif., company isn't a data broker that buys and sells customer records. "LocationSmart is an 'aggregator' only in the sense that it provides an interface that enables service providers to request location information from wireless carriers," he said.

Wireless companies typically share their customers' locations with emergency responders in specific situations. The operators say other uses are subject to customers' explicit consent. Wireless carriers also share anonymized location data with marketers. They often require that users explicitly opt out of those programs.

Securus wasn't the only company accused of mishandling location information. A Carnegie Mellon University researcher in May found similar data potentially exposed via LocationSmart's website.

Robert Xiao, the researcher who discovered the flaw on LocationSmart's website, said wireless companies often say they only share customer information with their consent. This incident "calls that assumption into question," he said.

Write to Drew FitzGerald at andrew.fitzgerald@wsj.com and Sarah Krouse at sarah.krouse@wsj.com

(END) Dow Jones Newswires

June 19, 2018 16:55 ET (20:55 GMT)

Copyright (c) 2018 Dow Jones & Company, Inc.
Verizon Communications (NYSE:VZ)
Historical Stock Chart
From Mar 2024 to Apr 2024 Click Here for more Verizon Communications Charts.
Verizon Communications (NYSE:VZ)
Historical Stock Chart
From Apr 2023 to Apr 2024 Click Here for more Verizon Communications Charts.