A Look at Upcoming Innovations in Electric and Autonomous Vehicles Supreme Court Rules Warrants Required for Google Location History Data

Supreme Court Rules Warrants Required for Google Location History Data

The Supreme Court has ruled that police must obtain a warrant before accessing a user's location history held by a technology company, even when that data spans only two hours and was voluntarily shared. The decision in Chatrie v. United States, No. 25-112 (U.S. June 29, 2026), extends the Court's 2018 ruling in Carpenter v. United States and signals that the constitutional protection of digital data is expanding in ways that touch every business holding customer information. For companies that sit between their users and the government, the legal ground has shifted again - and notably, it has shifted further than many legal observers expected.

The Doctrine That Has Been Eroding for Years

For decades, a principle called the third-party doctrine governed how the Fourth Amendment applied to information people share with companies. The logic was straightforward: once you hand data to a bank, a phone company, or any other third party, you surrender your constitutional expectation of privacy in that data. Law enforcement could obtain it without a warrant, and courts routinely upheld such access.

Carpenter began to crack that foundation. The Court held in 2018 that seven days of cell-site location data - the records a wireless carrier collects as a phone connects to nearby towers - warranted Fourth Amendment protection despite being held by a carrier rather than the user. The majority framed its holding as narrow, but its underlying reasoning was pointed: location data collected over time can reveal intimate details of a person's life, including their religious practices, medical appointments, and personal associations. The volume and sensitivity of the information, the Court reasoned, placed it beyond the reach of a doctrine designed for a simpler era of shared records.

Chatrie removes any remaining ambiguity about the direction of travel. The Court held that even two hours of location history stored by a third-party company requires a warrant. The majority declined to treat location data as "truly shared" merely because a user enabled a company to track their movements. In doing so, the Court acknowledged what users have long understood intuitively: enabling a feature within an app does not feel the same as handing over a document to a bank officer. The nature of the consent is different, and the Court now says the law must reflect that difference.

What the Ruling Means for Businesses That Hold Customer Data

The practical consequences for data custodians are significant and immediate. Any company that stores location logs, communications, photographs, or behavioral data on its servers now operates in an environment where courts may treat that data as something users "reasonably view as their own" - even after those users handed it over. That framing reshapes the relationship between the company and the government when law enforcement comes knocking.

Law enforcement agencies regularly issue subpoenas, court orders, and other legal demands seeking customer data from technology companies, cloud providers, and communications platforms. Those demands have historically been evaluated under relatively permissive standards when the third-party doctrine applied. Under the framework that Chatrie reinforces, a broader category of data now likely requires a warrant backed by probable cause - a higher bar that gives companies both a legal basis and an obligation to push back against insufficiently supported government demands.

This matters for customer trust as much as for legal compliance. Users increasingly understand that their data does not simply vanish into a company's servers; they understand that it can be retrieved, analyzed, and used by others. When courts affirm that constitutional protections follow data into third-party hands, companies that can demonstrate rigorous practices - minimizing data collection, enforcing retention limits, and scrutinizing government requests - stand on firmer ground in the eyes of their users.

A Separate Theory With Long-Term Implications

Justice Gorsuch's concurring opinion in Chatrie, building on his separate writing in Carpenter, offers the most structurally ambitious alternative path in this area of law. Rather than carving exceptions from the third-party doctrine case by case, Justice Gorsuch would root Fourth Amendment protections in property law and in statutes - asking who actually owns the data under state law, under the company's own terms of service, and under any applicable digital-property legislation.

That approach would produce different outcomes in different circumstances, but its governing principle is coherent: if a statute, a contract, or established property law treats the data as belonging to the user, then the government needs a warrant to access it, regardless of where it physically sits. The majority has not adopted this theory, but it has gestured toward the same intuition - noting that users regard their hosted data as their own - and Justice Gorsuch reads those gestures as confirmation that his approach is finding purchase.

For businesses, the practical takeaway from this line of reasoning is direct. Privacy policies, terms of service, and user consent agreements are no longer merely legal boilerplate. If courts begin using those documents to determine constitutional ownership of data, the language in them becomes constitutionally relevant. A policy that clearly reserves user ownership of personal data, or that explicitly limits company use of that data to defined purposes, may eventually serve as evidence that users retained a protected property interest - and that the government must meet a higher standard to compel its disclosure.

The Broader Arc and What Comes Next

The Supreme Court has now decided two landmark cases in less than a decade that restrict government access to digital records held by private companies. Each decision has been framed as narrow, yet each has extended protection further than the previous one. That pattern suggests the Court is working toward a more durable framework rather than issuing one-off rulings, even if it has not yet stated that framework explicitly.

The third-party doctrine is not formally dead. The Court has declined in both Carpenter and Chatrie to overrule it. But its practical scope has contracted considerably, and the categories of data it covers with any confidence have narrowed. Financial records, telephone numbers dialed, and similar transactional data remain more ambiguous. Continuous location tracking, behavioral profiles, and the contents of communications appear increasingly insulated from warrantless access.

Companies designing their data architectures, drafting their privacy disclosures, and building their government-request response processes would be prudent to treat Chatrie as a signal rather than an endpoint. Courts across the country will cite it when evaluating new categories of digital data, and the constitutional standard for government access will likely continue to rise as the sensitivity and granularity of that data increases. Building data practices that reflect genuine respect for user ownership - rather than practices that merely collect everything available - is no longer only an ethical posture. Increasingly, it is a legal one.