The United States Supreme Court’s recent oral arguments in the high-stakes dispute between the Federal Communications Commission (FCC) and telecom giants AT&T and Verizon mark a pivotal moment in the evolution of U.S. privacy enforcement. At issue is more than $100 million in penalties tied to the alleged mishandling and sale of highly sensitive customer location data—a category of information that regulators increasingly treat as among the most invasive forms of personal data.
While the case is framed around constitutional questions—specifically whether the FCC’s enforcement process violates the Seventh Amendment right to a jury trial—the broader implications extend far beyond procedural nuance. This is a case about how privacy laws are enforced in the United States, who holds power in that enforcement, and whether companies can realistically challenge regulators without incurring immediate financial and reputational damage.
The Core Issue: Can Agencies Impose Massive Privacy Fines Without Immediate Judicial Review?
At the heart of the dispute is the FCC’s authority to issue “forfeiture orders”—formal determinations that a company has violated the law and owes a financial penalty. In this case, those penalties totaled tens of millions of dollars for each telecom provider, based on allegations that they improperly sold or shared customer location data with third parties.
The telecom companies argue that this enforcement structure creates a coercive environment. Even if the fines are technically not enforceable until challenged in court, the issuance of a detailed, strongly worded order labeling a company as a violator creates immediate pressure to pay.
From a business standpoint, the concern is straightforward:
Once a regulator publicly declares that you violated privacy law, the damage is already done—regardless of whether you later win in court.
This raises a critical question for privacy professionals: Is enforcement truly fair if companies must absorb reputational risk before they have the opportunity to defend themselves?
The Government’s Position: Due Process Exists—But Timing Is Flexible
The Department of Justice, defending the FCC, takes a different view. Its argument is that the enforcement framework does not deny due process—it simply structures when that process occurs.
Under this interpretation:
- The FCC issues an initial determination of liability
- The company can refuse to pay
- The government must then pursue enforcement through the courts
- At that stage, the company is entitled to a full judicial proceeding, including a jury trial
In other words, the right to challenge exists—but it is not immediate.
The Supreme Court appeared, at least during oral arguments, somewhat receptive to this framework. Several justices suggested that the availability of eventual judicial review may be sufficient to satisfy constitutional requirements.
Why the Court Appears Inclined to Side with the FCC
Despite ideological divisions on the Court, questioning from multiple justices indicated a degree of skepticism toward the telecom companies’ arguments.
Chief Justice John Roberts, for example, appeared to frame the dispute less as a constitutional crisis and more as a reputational concern. His line of questioning suggested that companies are not legally obligated to pay fines immediately—and therefore retain the ability to challenge them.
Similarly, Justice Elena Kagan emphasized that the FCC’s forfeiture orders are not final judgments but rather agency determinations that can be revisited entirely in court.
This perspective reinforces a broader principle: administrative agencies are permitted to make initial findings of liability, even in high-stakes privacy cases.
However, not all justices were fully aligned with this view.
The Subtle Concern: Were Companies Misled Into Paying?
Justice Brett Kavanaugh raised a more nuanced issue—one that could ultimately shape the outcome of the case.
He focused on whether the FCC’s orders were sufficiently clear about the companies’ rights to challenge the fines before payment. If the language of the orders created the impression that payment was mandatory, that could undermine the legitimacy of the enforcement process.
This distinction matters.
There is a significant difference between:
- A regulator stating, “We believe you owe a penalty,” and
- A regulator issuing a detailed order asserting definitive liability and wrongdoing
The latter carries far greater weight—both legally and reputationally.
If companies reasonably believed they had no choice but to pay, the Court may consider whether their rights were effectively compromised, even if not formally denied.
The Underlying Privacy Issue: Location Data as a High-Risk Category
While much of the legal debate centers on procedural questions, it is important not to lose sight of the underlying privacy issue: the handling of customer location data.
Location data is widely recognized as one of the most sensitive forms of personal information. It can reveal:
- Where individuals live and work
- Medical visits and health conditions
- Religious practices
- Political affiliations
- Personal relationships and daily routines
The FCC’s enforcement action was based on allegations that telecom providers failed to adequately safeguard this data and allowed it to be accessed or sold through third-party channels.
From a regulatory standpoint, this is exactly the type of behavior that modern privacy frameworks aim to prevent.
A Broader Trend: Enforcement Is Becoming the Primary Driver of Privacy Compliance
This case highlights a critical reality in the U.S. privacy landscape: enforcement is increasingly shaping compliance more than legislation.
Unlike jurisdictions with comprehensive privacy laws (such as the GDPR), the United States relies heavily on:
- Agency enforcement actions
- Sector-specific regulations
- Litigation under existing statutes
As a result, the power of agencies like the FCC and FTC becomes central to how privacy standards are defined and enforced in practice.
If the Supreme Court affirms the FCC’s authority in this case, it will reinforce that model—giving regulators significant leverage to:
- Investigate privacy violations
- Issue substantial financial penalties
- Shape industry behavior through enforcement actions
Implications for Businesses: Compliance Is No Longer Optional—or Reactive
For organizations handling consumer data, the implications are immediate and substantial.
First, enforcement risk is increasing—not just in magnitude, but in visibility. Large fines attract public attention, regulatory scrutiny, and potential follow-on litigation.
Second, the ability to challenge enforcement actions may be more limited than companies expect. Even if legal recourse exists, the process can be:
- Time-consuming
- Expensive
- Reputationally damaging
Third, regulators are focusing on high-impact data categories—particularly those that:
- Enable tracking or surveillance
- Involve sensitive personal information
- Are shared with third parties
Location data sits at the intersection of all three.
Why This Case Matters in the Context of AI and Data Monetization
The timing of this case is particularly important given the rapid growth of AI and data-driven business models.
Modern systems increasingly rely on:
- Behavioral data for personalization
- Location data for targeting and analytics
- Large datasets for training machine learning models
If regulators are willing to impose nine-figure fines for mishandling location data, it signals a broader willingness to:
- Scrutinize data monetization practices
- Enforce stricter standards for data sharing
- Hold companies accountable for downstream use of data
This aligns with global trends, including the EU’s focus on data governance under the AI Act and GDPR.
A Case That Could Reshape Privacy Enforcement
The Supreme Court’s decision—expected later this year—will do more than resolve a dispute between telecom companies and the FCC.
It will define:
- The balance of power between regulators and companies
- The practical meaning of due process in privacy enforcement
- The level of risk organizations face when handling sensitive data
If the Court sides with the FCC, it will reinforce a system where regulators can act decisively—and companies must respond quickly, often under significant pressure.
Compliance cannot be reactive. It must be proactive, continuous, and defensible.
Because in today’s environment, the cost of getting privacy wrong is no longer theoretical—it is measurable, enforceable, and increasingly unavoidable.
