Access to US cell phone location data now requires a warrant

Privacy International welcomes today’s decision by the United States Supreme Court in Carpenter v. United States, which finds that the government must generally obtain a warrant when seeking mobile phone location records. In particular, PI applauds the Court’s recognition that “[m]apping a cell phone’s location over the course of 127 days provides an all-encompassing record of the holder’s whereabouts. As with GPS information, the timestamped data provides an intimate window into a person’s life, revealing not only his particular movements, but through them his ‘familial, political, professional, religious, and sexual associations.’ These location records ‘hold for many Americans the ‘privacies of life.’’

For more than two decades, Privacy International has been supporting the principle that government access to data stored by telecommunications companies constitutes a serious interference with privacy. For example, we recently intervened in the recent case of Secretary of State for the Home Department v. Tom Watson and Others before the Court of Justice of the European Union to argue that general and indiscriminate data retention requirements violate the rights to privacy and data protection, as protected by the Charter of Fundamental Rights of the European Union, and that any government access to data held by telecommunications companies must comply with a series of safeguards, including prior judicial authorisation.

The CJEU’s ruling agreed and, much like the US Supreme Court today, recognised that data held by telecommunications companies “taken as a whole, is liable to allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained, such as everyday habits, permanent or temporary places of residence, daily or other movements, the activities carried out, the social relationships of those persons and the social environments frequented by them” and that it “provides the means . . . of establishing a profile of the individuals concerned, information that is no less sensitive, having regard to the right to privacy, than the actual content of communications.”

Governments have for years pushed back against efforts to limit access to data retained by telecommunications companies. This ruling is victory for everyone, including privacy advocates who have long fought against such government surveillance.

Privacy International and our partners continue to fight for the recognition that government access to data stored by telecommunications companies interferes with the fundamental right to privacy. For example, our partner Red en Defensa de los Derechos Digitales (R3D) currently has a case before the Inter-American Commission of Human Rights, challenging a Mexican Supreme Court decision upholding a law mandating telecommunications companies to store user data for two years and to provide the government the ability to track users in real-time. That law lacks adequate safeguards for government access to such data, including prior judicial authorisation.

As the CJEU’s ruling in Watson and the US Supreme Court’s ruling in Carpenter demonstrate, data stored by telecommunications companies can allow governments to build detailed profiles of its citizens. We hope that the Inter-American Commission of Human Rights will similarly recognise the privacy implications of the Mexican government’s access to data held by telecommunications companies.