Supreme Court Upholds FCC Enforcement Authority in Major Privacy-Fines Case

Businesses that collect, use, sell, or share consumer data should pay attention to the Supreme Court’s latest ruling involving the Federal Communications Commission. In Fed. Commc'ns Comm'n v. AT&T, Inc., 608 U.S. ___, No. 25-406 (June 4, 2026), the Court upheld the FCC’s process for issuing monetary penalties against regulated companies.

The case involved FCC enforcement actions against AT&T and Verizon over alleged failures to protect customer location data. According to the FCC, the companies failed to take reasonable steps to keep location data confidential, allowing third parties to access sensitive customer information without adequate safeguards. The agency assessed approximately $57 million in penalties against AT&T and nearly $47 million against Verizon as part of a broader privacy enforcement effort across the wireless industry.

AT&T and Verizon challenged the FCC’s process, arguing that the agency should not be able to decide liability and assess penalties through its own administrative proceedings without first providing a jury trial. The Supreme Court disagreed.

Chief Justice Roberts, writing for the majority, explained that an FCC penalty order does not automatically require payment and can ultimately be challenged in court. The practical result, however, is that the FCC retains a powerful enforcement tool for pursuing alleged privacy violations.

For businesses, the takeaway is straightforward: federal agencies still have significant enforcement authority. The decision does not create new privacy rules, and it does not determine whether AT&T or Verizon actually violated the law. Instead, it confirms that challenges to agency procedures will not necessarily prevent regulators from investigating companies and pursuing penalties.

That matters beyond the telecommunications industry. Companies involved in lead generation, telemarketing, data brokerage, customer tracking, or consent-based marketing should not assume that recent court challenges to agency power will stop regulators from bringing enforcement actions.

The decision serves as a reminder that compliance should be a business priority, not an afterthought. Companies should regularly review how they obtain consent, document consumer permissions, oversee vendors, protect customer data, and respond to regulatory inquiries. The Court’s message is clear: businesses should expect regulators to continue actively enforcing consumer protection and privacy requirements.