FCC Privacy Enforcement Under the Constitution: Why the Supreme Court Is Being Asked to Revisit CPNI Fines and the Agency’s “In-House” Penalty Process

For years, the Federal Communications Commission has treated customer privacy and data security as a core component of its oversight of telecommunications carriers. That authority is anchored in Section 222 of the Communications Act, which requires carriers to protect the confidentiality of customer proprietary network information (CPNI). But a developing constitutional dispute is now putting the FCC’s enforcement machinery under a much brighter spotlight—one that extends well beyond telecom privacy and into the structure of the modern administrative state.

At the center of the controversy is a practical question with sweeping legal consequences: when the FCC imposes a large monetary forfeiture for alleged privacy failures, must the target have the right to have that liability determined by an Article III court and a jury, rather than by the agency itself? The issue is no longer theoretical. Federal appellate courts have taken different paths, producing a genuine circuit split. With that split now crystallized, litigants and the government are asking the Supreme Court to step in and provide a uniform answer.

This debate matters for three audiences at once: (1) carriers and other regulated entities facing high-dollar penalties; (2) agencies that rely on administrative adjudication as a workhorse for civil monetary enforcement; and (3) consumers and policymakers who want strong privacy enforcement but also expect constitutional guardrails to be respected.

What CPNI Is and Why the FCC Treats It as High Stakes

CPNI is a statutory term that covers sensitive information carriers obtain by virtue of providing service. In practice, it includes data such as call detail information, usage patterns, and—critically in the recent cases—location information tied to customers’ mobile devices. Because location data can expose intimate inferences about a person’s life, it has become one of the most consequential privacy categories in the telecom ecosystem. The FCC has long taken the position that carriers must implement “reasonable measures” to prevent unauthorized access to CPNI, including misuse by downstream recipients and intermediaries.

The underlying enforcement actions that generated the current constitutional fight involve allegations that carriers failed to reasonably safeguard access to sensitive customer location information and related CPNI. The Commission’s penalty figures have been substantial, reflecting the agency’s view that CPNI lapses are not technical violations but direct threats to consumer safety and trust.

The FCC Forfeiture Pathway: How a Privacy Case Becomes a Monetary Penalty

To understand the constitutional arguments, it helps to understand how FCC forfeitures work in real life. The process typically follows this arc:

• Notice of Apparent Liability (NAL): The FCC issues a notice laying out alleged violations and proposing a forfeiture amount. This is not the final penalty, but it frames the case and the stakes.
• Written submissions and agency adjudication: The target responds. The matter is resolved through the FCC’s internal processes rather than a district court trial.
• Forfeiture Order: The Commission issues a final order imposing a monetary forfeiture. At that point, the agency’s order states that the target is liable and payment is due.
• Judicial review or collection: Here is where the system becomes legally intricate. A carrier may seek review directly in a court of appeals under the Administrative Procedure Act framework, or it may refuse to pay and await a Department of Justice collection action—an action that can be pursued later in federal district court under a statutory “trial de novo” mechanism.

That last fork in the road is the constitutional pressure point. The FCC and its defenders emphasize that a target can obtain a de novo proceeding in district court if the government sues to collect. Critics respond that the availability of a later proceeding is not the same as the right to have liability determined by a jury before an agency issues a binding penalty decision with immediate legal and commercial consequences.

The Constitutional Claims: Seventh Amendment and Article III, Not Mere Procedure

The constitutional objections arise from two related principles.

1) Seventh Amendment: The Right to a Jury Trial in Suits at Common Law

The Seventh Amendment preserves the right to trial by jury in civil cases that are, in substance, comparable to “suits at common law.” The modern administrative state complicates this inquiry because agencies often impose civil penalties through adjudication that resembles a court proceeding but is housed within the executive branch.

Recent Supreme Court doctrine has sharpened the line where an agency imposes civil penalties resembling traditional common-law remedies. A central argument in the FCC cases is that a monetary forfeiture for alleged failure to employ “reasonable measures” to safeguard data operates like a classic civil penalty—precisely the kind of government claim that historically would have been tried to a jury.

2) Article III: The Requirement of an Independent Judicial Decisionmaker

Article III safeguards the role of the federal judiciary by requiring that certain disputes be decided by judges with life tenure and salary protection, rather than by executive-branch decisionmakers. The FCC’s process is run internally, and the final liability determination is made by the Commission itself.

The FCC’s position relies heavily on the view that Congress may assign certain matters to agencies under the “public rights” doctrine. The carriers’ position is that these privacy forfeiture cases are not the kind of public-rights matters that can be conclusively decided by the executive branch, especially when the remedy is a punitive monetary penalty and the underlying standard resembles common-law reasonableness.

The Circuit Split: Same Statute, Same Type of Penalty, Different Constitutional Outcomes

The reason Supreme Court review is now plausible is that the appellate courts are no longer speaking with one voice.

One appellate court vacated an FCC forfeiture against a carrier on constitutional grounds, reasoning that the agency’s in-house penalty adjudication cannot substitute for an Article III court and a jury where civil penalties of this type are imposed. That court’s analysis drew heavily on modern Supreme Court precedent emphasizing the jury trial right in administrative penalty regimes that track common-law analogues.

Other appellate courts, however, upheld materially similar FCC forfeitures. Their reasoning is generally that the statutory framework ultimately allows a de novo district court proceeding in a collection action, and that this downstream opportunity satisfies the Seventh Amendment and Article III concerns—at least where the target has not preserved or exercised that path in the manner those courts consider necessary.

This divergence is not a narrow disagreement about telecom specifics. It is a direct conflict about whether the availability of a later de novo proceeding cures the constitutional issue created by the agency’s initial adjudication and issuance of a final penalty order.

The “Pay Now, Litigate Later” Problem: Why Timing and Real-World Consequences Matter

A recurring theme in the challengers’ briefing is that the Commission’s forfeiture order is not an academic pronouncement. It can have immediate consequences even before any collection lawsuit occurs.

In the real world, a final FCC forfeiture order can:

• create disclosure obligations and reputational impact, especially for public companies;
• trigger knock-on regulatory consequences, including licensing and compliance scrutiny;
• affect commercial relationships, procurement eligibility, and enterprise contracting;
• create pressure to pay to avoid uncertainty, even where the target believes it has meritorious defenses.

That reality drives the constitutional framing: if the penalty is effectively operative upon issuance, then constitutional protections should attach at the moment the government makes the liability determination—not only at the later, discretionary moment when the Department of Justice decides to sue for collection.

Supporters of the FCC’s current system counter that the statute gives a structured path to judicial adjudication, and that regulated parties can choose not to pay and insist on the de novo forum. They argue that this is a workable compromise: the agency determines liability and penalty administratively, but an Article III court remains available when the government seeks to reduce that penalty to a judgment.

Waiver Theory: A Second Layer of Complexity

Adding to the doctrinal thicket is a waiver argument that has surfaced in some decisions. In simplified terms, the waiver theory says: if a party pays the forfeiture (or proceeds in a way that bypasses the statutory de novo route), it may have forfeited the ability to claim that it was denied a jury trial.

There are two practical difficulties with that approach.

• First, it turns constitutional rights into a strategic trap. Regulated entities may be forced to choose between paying (to end uncertainty and mitigate business fallout) and preserving the cleanest path to an Article III jury trial.
• Second, it presumes DOJ collection is a realistic and timely vehicle. Even if a target refuses to pay, the timing and likelihood of a collection suit can be uncertain, and the interim consequences of an outstanding forfeiture order can still be significant.

Whether waiver is a fair or coherent way to handle Seventh Amendment rights in this setting is a major question the Supreme Court may need to address if it takes up the dispute.

How This Could Reshape FCC Privacy Enforcement

If the Supreme Court agrees that the FCC’s forfeiture model is unconstitutional as applied to CPNI penalties, the Commission will face a choice of redesigned enforcement pathways. Several outcomes are plausible:

• Shift toward federal court litigation for civil penalties: The FCC could be required to pursue certain privacy penalties through DOJ actions filed in district court, with a jury trial available where constitutionally required.
• Greater reliance on consent decrees and settlements: Agencies often pivot to negotiated resolutions when adjudicatory authority is uncertain. That may produce faster outcomes but can also reduce transparency and precedent value.
• Reframing remedies as equitable or prospective: The Commission could emphasize injunction-like relief, compliance plans, or licensing conditions where available, though that approach has limits and may not satisfy deterrence objectives.

Conversely, if the Supreme Court endorses the FCC’s current structure, agencies will likely view it as a validation of administrative penalty regimes that rely on downstream de novo review as a constitutional safety valve.

What Carriers Should Do Now: Practical Risk Management While the Law Is Unsettled

While the constitutional questions work their way through the Supreme Court’s docket, carriers should assume that CPNI enforcement remains active and that data security expectations are not relaxing. A defensible compliance posture is still the best way to reduce exposure, regardless of how the procedural debate resolves.

In practical terms, carriers should consider:

• Location data governance: Treat location-adjacent data flows as high risk. Document data inventories, access paths, vendor handoffs, and controls in a way that can be explained to a regulator.
• “Reasonable measures” proof file: The FCC’s standard often turns on whether safeguards were reasonable in light of known risks. Maintain contemporaneous evidence: policies, audits, vendor oversight, technical controls, monitoring, and remediation timelines.
• Third-party access controls: Many CPNI cases arise from downstream sharing and weak controls on resellers, aggregators, or intermediaries. Contractual restrictions are not enough by themselves; regulators expect practical enforcement and monitoring.
• Incident response readiness: A mature response program—triage, containment, customer impact analysis, and executive reporting—reduces both consumer harm and enforcement risk.
• Litigation posture planning: For high-value penalties, model the procedural options early: direct appellate review, payment strategies, and the implications of preserving a de novo path.

Why This Fight Extends Beyond Telecom Privacy

It is tempting to view this as a narrow telecom dispute about CPNI. That would be a mistake. The core question—whether an agency can impose large civil penalties through in-house adjudication without providing a jury trial at the liability stage—echoes across sectors. Many agencies use administrative proceedings to impose punitive monetary relief, and many regulated parties face the same strategic dilemma: settle, pay, or litigate under constraints that may affect the availability of constitutional protections.

In that sense, the FCC cases are not only about privacy. They are about the boundary between executive enforcement and judicial power, and about whether the Constitution permits agencies to function as prosecutor, fact-finder, and penalty issuer in cases that resemble traditional civil actions.

Supreme Courts & CPNI privacy cases

The Supreme Court is being asked to resolve a direct conflict among the federal courts over the constitutionality of FCC forfeiture procedures in CPNI privacy cases. The underlying enforcement actions involve serious allegations about safeguarding sensitive customer data, particularly location information. But the legal question is structural: when the government seeks punitive monetary penalties, who decides liability—an agency or a jury in an Article III court?

Until the Supreme Court provides clarity, companies should plan for enforcement on two tracks at once: strengthen privacy and security controls to minimize the risk of a CPNI action, and be prepared to make deliberate procedural choices if a forfeiture is proposed. The constitutional debate may determine how penalties are imposed, but it will not eliminate the underlying obligation to protect consumers’ most sensitive telecom data.