Your phone carrier sells your location data. Here’s the proof.
Short answer
Yes. Phone carriers sell location data. In documented US cases, major carriers sold real-time location to data brokers and bounty hunters. In the EU, GDPR limits this, but carriers still retain location data for up to 12 months and have been repeatedly breached. Your carrier knows where you are. That data does not stay private.
They don’t advertise it. But they don’t hide it either.
Your phone carrier knows where you are right now. Where you were last Tuesday at 2am. Where you go every morning. And in documented cases, they’ve sold that information. to data brokers, to bounty hunters, to anyone willing to pay. (See: a VPN won’t save you if this already happened.)
This isn’t speculation. It’s court-documented.
What actually happened. The documented cases
In 2018, a Missouri sheriff used a carrier-data reseller called Securus to track the location of a judge and a fellow officer without a warrant. No court order. A few clicks. Real-time location.
That same year, the New York Times and Motherboard ran parallel investigations showing that all four major US carriers. AT&T, T-Mobile, Sprint, Verizon. were selling real-time location data to aggregators, who resold it to anyone who paid. Bail bondsmen. Bounty hunters. Private investigators.
The FCC eventually fined the carriers. Hundreds of millions in proposed penalties. Most were reduced or contested. Location data sales continued in modified forms through intermediaries.
In France and across the EU, carriers are legally required to retain traffic and location data for a period ranging from 6 to 12 months depending on the jurisdiction. That data is accessible to law enforcement. It is also, in practice, a dataset that has been repeatedly breached, leaked, or misused.
How location data actually moves
You sign a contract with your carrier. Buried in the terms: permission to share anonymised data with third parties for ‘service improvement’ and ‘commercial purposes.’
‘Anonymised’ is a technical claim that has been consistently disproven. Re-identification of location datasets is well-documented in academic literature. A few data points. Your home address, your workplace, your regular route. are enough to identify you from a supposedly anonymous dataset.
The data flows from your carrier to an aggregator, sometimes called a Location-Based Services provider. From there it moves to resellers. At each step, the link to your name gets thinner. But the data remains precise. And it remains yours.
What this means in practice
If you are going through a legal dispute, your location history is potentially obtainable by a motivated adversary. Not easily. But obtainable.
If you are a journalist tracking a sensitive story, your movements over the past year exist in a database somewhere. So do your sources’ movements.
If you are a military spouse or family member, your location patterns. home, school, base access routes. are in a commercial dataset that data brokers can access and resell.
Your phone being in your pocket is enough. No app required. No consent prompt. Just the signal your device sends to towers every few minutes to stay connected.
Frequently asked questions
Can my phone carrier sell my location data?
Yes, in documented cases. US carriers including AT&T, T-Mobile, Sprint, and Verizon were caught selling real-time location data to third parties. Legal frameworks vary by country, but the commercial incentive exists everywhere.
How do I stop my carrier from selling my location?
You can opt out of data sharing in your carrier’s privacy settings, but this has limited effect on data already collected or sold through intermediaries. Reducing your broader data broker exposure through a service like DeleteMe removes the most accessible layer.
What you can actually do
Carrier-level location data is hard to block. Your phone has to communicate with towers to function as a phone.
What you can do: reduce your data broker exposure. Carriers share data with aggregators. Aggregators share with brokers. Brokers publish it. DeleteMe removes your profile from the major data broker sites that make this information searchable.
It doesn’t stop the data collection at carrier level. Nothing short of not having a phone does that. But it cuts the most accessible layer. The one that makes your location history findable by anyone with a credit card.
Your carrier isn’t your partner. It’s a data company that sells you connectivity.
There’s no perfect setup. Anyone selling you perfect is selling fear. The goal is simple: make yourself a harder target than the person next to you.