AT&T, Verizon, Sprint and T-Mobile US collectively faced more than $200 million in fines for selling customer location information, after the US Federal Communications Commission (FCC) determined the practice violated data privacy regulations.

T-Mobile faced the steepest punishment, with a proposed fine of $91 million, while AT&T, Verizon and Sprint are looking at payments of $57 million, $48 million and $12 million, respectively.

However, the totals are not set in stone: the FCC noted each operator will have a chance to respond to the allegations of misconduct before the sums are finalised.

The action follows an FCC Enforcement Bureau investigation into reports from 2018 that third parties were able to improperly access mobile subscriber location data.

Bureau officials found all four operators sold customer location information to data brokers, which in turn sold it to third-party companies offering location-based services. Though the latter were contractually obligated to obtain consent from mobile customers before accessing their location data, the FCC said the operators failed to implement safeguards to ensure they were actually doing so.

It added the amount of the proposed fine for each carrier was based on the length of time they continued to sell access to the information without safeguards, and the number of entities the operators sold access to.

FCC chairman Ajit Pai said in a statement operators had long been aware of their obligation to protect sensitive subscriber information, adding the commission will “not tolerate phone companies putting Americans’ privacy at risk”.