The Supreme Court has issued a 6-3 decision holding that police use of a geofence warrant to search Google Location History data is a Fourth Amendment search. The ruling gives digital location records the same constitutional protection as physical evidence and raises new questions for businesses that collect, store, sell, or share location data.
The decision does not ban geofence warrants. Instead, it sends the underlying criminal case back to a lower court to decide whether the warrant met Fourth Amendment requirements for particularity and probable cause. Until that review is complete, businesses that rely on location tracking face a more uncertain compliance environment.
The case began with a 2019 credit union robbery in Midlothian, Virginia. Investigators obtained a geofence warrant requiring Google to search its Location History database for devices within a 150-meter radius during a one-hour window around the crime. Under Google‘s three-step disclosure process, the company first returned anonymized device identifiers. Police then narrowed the list, and Google eventually provided identifying information for three users, including Okello Chatrie, who was later charged.
The Fourth Circuit had sided with the government, ruling that the geofence request was not a Fourth Amendment search because the data came from a private company rather than directly from the suspect. That reasoning relied on the third-party doctrine, which generally says people have a reduced expectation of privacy in information they voluntarily share with another party.
The Supreme Court rejected that approach for comprehensive location history data. The ruling extends the logic of Carpenter v. United States (2018), where the Court held that historical cell-site location records from a phone carrier are constitutionally protected even though they are held by a third party.
The majority’s view is that detailed, continuous location records can reveal the intimate contours of a person’s life in a way that casual data sharing does not. That marks a major shift from how lower courts had treated geofence warrant requests. Google Location History, when enabled, can pinpoint a device within roughly three meters every two minutes, according to reporting on the case. That makes it more granular than the cell-site data at issue in Carpenter.
“We welcome today’s decision, which affirms that digital records like location history receive the same constitutional protections as physical ones,” a Google spokesperson said in a statement.
Location data vendors create new risks for small businesses
The ruling’s business impact reaches well beyond law enforcement. Companies use location data for geofenced mobile ads, delivery route optimization, foot traffic analytics, loyalty programs, employee fleet monitoring, and third-party audience targeting purchased from data brokers. Each use involves collecting, retaining, or transmitting the same type of data the Court has now treated as constitutionally sensitive.
The compliance gap is not theoretical. A business that buys location-based audience segments from a data broker, or embeds a third-party SDK that continuously logs user movement, may be holding data whose legal status and value to law enforcement have materially changed. Prior reporting on how platforms monetize user data has shown how widely location and behavioral records can move through the vendor ecosystem, often with limited visibility for the businesses using those tools.
That gap is especially difficult for small businesses. Large companies can immediately assign legal, compliance, and procurement teams to audit vendor contracts and retention policies. A small business running geofenced ads through a marketing platform, or using fleet tracking software that logs driver locations throughout the day, often has no comparable capacity and no direct relationship with the underlying data infrastructure now facing closer scrutiny.
Unresolved warrant rules leave businesses in a privacy gray zone
Because the Supreme Court returned the Chatrie case to the lower court instead of setting a final warrant standard, several important questions remain open. The first is how specific a geofence warrant must be, and what level of probable cause is required. That answer will shape how Google, Apple, and other location data custodians respond to future law enforcement requests.
For businesses, the more immediate question is what it now means to hold sensitive location records at all. The ruling establishes that this data has constitutional significance, but it does not define what consent language, data minimization practices, or retention limits would satisfy privacy expectations in civil or regulatory contexts.
A user’s opt-in to a loyalty app’s location tracking, for example, may not settle every issue if the data is retained for long periods, shared with vendors, or later requested by law enforcement. The United States still has no comprehensive federal privacy law, and federal privacy legislation affecting small businesses’ digital advertising and data practices remains stalled in Congress. That leaves businesses without one clear national framework.
Vendor contracts also need closer review. Businesses that have signed data-sharing agreements with location analytics firms, ad networks, or measurement providers should check whether those contracts address law enforcement requests, data retention schedules, and liability if a government subpoena is issued. Many standard agreements drafted before this ruling were not written with Fourth Amendment exposure in mind.
Small businesses should audit location data before expanding geofencing
The ruling does not create new statutory obligations for private businesses on its own. Those requirements will come from lower-court rulings, possible Federal Trade Commission guidance, state privacy enforcement, and future legislation. But the decision is a clear warning that location data should no longer be treated as routine marketing infrastructure.
- Inventory every location data touchpoint in your operations. Map where location data enters your business, including app SDKs, fleet tracking tools, loyalty platforms, geofenced ad campaigns, and third-party analytics integrations. Businesses cannot manage exposure they have not identified.
- Review vendor contracts for location data provisions. Check whether data vendors have warrant-response policies, retention limits, and liability clauses covering government access. Contracts that are silent on these points should be flagged for renegotiation or legal review.
- Audit retention schedules for location records. The Chatrie case turned on historical location data retained by Google. Businesses that hold location records longer than necessary may be carrying legal exposure with declining business value. Shorter retention windows are a practical risk-reduction step.
- Update consent disclosures to reflect the sensitivity of location data. Privacy policies and app permissions should accurately explain what data is collected, how long it is retained, and who receives it. Vague consent language can create risk in regulatory and litigation settings.
- Consult legal counsel before expanding location-based features. Businesses planning to launch or scale geofencing, behavioral targeting, or location-based personalization should review those plans before deployment, especially where third-party data vendors are involved. Broader data protection frameworks used for cybersecurity compliance can offer a useful starting point for organizing a location data audit.
Lower courts and regulators will define the ruling’s long-term impact
The Chatrie case now returns to the lower court with a new constitutional standard but without a final answer on whether the original warrant was valid. That decision will create the first post-ruling benchmark for what a valid geofence warrant looks like. It will also influence how federal and state agencies draft future requests and how tech companies respond.
- Lower-court warrant standard decision. The next ruling on whether the Chatrie warrant satisfied particularity and probable cause requirements will show how strictly courts plan to apply the Supreme Court’s standard. A narrow ruling could preserve substantial law enforcement flexibility, while a broader one could sharply limit geofence warrants.
- FTC and state AG enforcement signals. Federal Trade Commission guidance and state attorney general actions in privacy-active states, including California, Washington, and Texas, will show whether regulators treat the ruling as a reason to scrutinize private-sector location data practices.
- Congressional privacy legislation. A federal privacy bill covering location data retention, consent requirements, and data broker regulation would resolve much of the uncertainty businesses now face. Continued inaction would leave companies operating in the current gray zone.
- Google and Apple warrant-compliance policy updates. Google and Apple are likely to revise their law enforcement response policies in light of the ruling. Changes to how they handle geofence requests and what notice they provide to users or affected businesses will have direct downstream effects for companies whose customer data sits in those ecosystems.
The Supreme Court’s decision sets a constitutional floor for government access to location data. The commercial compliance standards that follow will be built through lower-court decisions, regulatory guidance, and privacy legislation that has not yet been written.



