Carpenter v. United States: What It Means for Companies That Collect Location Data

Cooley Alert

On June 22, the Supreme Court issued its decision in Carpenter v. United States and held that law enforcement officials must obtain a warrant before they can ask wireless providers for automatically generated information about customer locations. As more and more services and applications use location data, this case could affect a wide range of businesses.

The court determined that wireless customers have a reasonable expectation of privacy in location information, even when that information is generated and maintained by a third party. The expectation is strong enough that the Fourth Amendment requires the government to obtain a warrant before getting the records.

The kind of information collected by wireless providers also can be generated and collected by a wide range of other businesses. For instance:

  • Fixed wireless and Wi-Fi services may generate login information that could be used to determine user locations
  • Apps may collect location information as part of the service they provide or to target advertising
  • Devices, including phones, Internet of Things enabled devices and connected cars, may generate location information that is stored elsewhere

The decision is very narrow, addressing only law enforcement requests for customer location information gathered over a week or longer that are directed to wireless carriers that collect the information automatically. However, the rationale adopted in Carpenter was not specific to wireless services, and the court did not decide that a week was the minimum period that would require a warrant. Consequently, the potential for the decision to be extended to other entities that collect location information, even if they do not collect it continuously, is significant. Entities that collect location information could risk liability if that information is provided to law enforcement without a warrant and the courts ultimately decide that a warrant is required.

In addition, the decision could apply to hardware or software companies that use customer location data to improve their services (as some phone manufacturers have done to increase GPS accuracy). The warrant requirement could even be applied when customers voluntarily upload their location information, such as user uploads of running data in fitness apps.

More broadly, this case and other recent decisions involving electronic tracking and smart phones suggest that the Supreme Court is likely to take a somewhat expansive view of privacy in the digital age, at least when it comes to government access to customer information. In this decision, Chief Justice Roberts emphasized his earlier statements about the transformative nature of modern smart phones and used those earlier statements to justify the requirement for a warrant. It is not difficult to imagine that rationale being extended in future decisions.

Related Contacts
J.G. Harrington Special Counsel, Washington, DC