AT&T flogged location data to all-comers, now it's being sued

• Swisscom: Sorry we deleted some files from our cloud storage service
• Google: We spy on Google Home users and we're mad about being caught
• AT&T: Hold my beer and watch this

AT&T has been taken to court over historic accusations that, far from being a responsible custodian of its mobile customers' personal data, it sold their real-time location to seemingly anyone who wanted it, without their knowledge or consent.

Is this a new low for the industry? It certainly feels like a new low.

When a Swisscom customer uploads their files to the myCloud online storage service, and then a software error accidentally deletes some of those files, that's bad, of course. That said, it was an accident.

When someone buys a Google Home smart speaker, and it transpires that Google routinely listens in, even though you haven't activated it by saying "OK Google", that's worse. Then again, it's also a bit naïve to think a company with Google's reputation won't mercilessly collect all your data. No one forced you to bug your own house. Similar rule applies to Amazon these days, too.

When Facebook agrees to pay $5 billion to settle an investigation into how and why it exposed the data of 87 million of its members to a political consultancy tasked with influencing voters on behalf of a presidential candidate, that's also very bad. However, with Facebook, you get what you pay for, which is nothing, ergo you're the product.

But when a telco, one that is privy to its subscribers' real-time location for reasons of public safety – but has pledged to be responsible with it – is revealed to have willingly sold your exact location to third parties, who then make it available to pretty much anyone... Well, you can understand why it feels like a new low.

"Despite vowing to its customers that it does not 'sell [their] personal information to anyone for any purpose,' AT&T has been selling its customers' real-time location data to credit agencies, bail bondsmen, and countless other third parties without the required customer consent and without any legal authority," reads the class action lawsuit filed by the Electronic Frontier Foundation on behalf of AT&T customers.

"Defendants' sale of their customers' real-time location data is a violation of plaintiffs' reasonable expectations of privacy," the suit says. "Plaintiffs' expectation is reflected in widely held social norms and enshrined in state and federal law, including in the federal Communications Act, which requires AT&T to protect customers' location data precisely because it is in a privileged position to know this information as a byproduct of operating a cellular phone service."

It is worth remembering that the original investigation into all this revealed that Sprint and T-Mobile also allegedly engaged in the same shady practice.

A little unsolicited advice for telcos wanting to transform from crawling CSP caterpillar into beautiful DSP butterfly: there's a line between good DSP practice and bad DSP practice. Judging by what's in the lawsuit, it looks like certain folks at AT&T might have poured petrol all over this line, set it on fire, then danced maniacally through the flames.