The ground shifts: Chatrie's impact on data governance beyond the Fourth Amendment

The U.S. Supreme Court's decision in Chatrie v. United States extends Fourth Amendment protection to geofence location data while exposing the inadequacy of consent-based data governance and underscoring the need for legislative fiduciary frameworks to regulate government access to personal data and AI systems.

Contributors:
Michael Leahy
CIPP/US
Founder
Fiduciary Commons
On 29 June 2026, the U.S. Supreme Court held 6-3 in Chatrie v. United States that police conduct a Fourth Amendment search when they acquire a cell phone user's location history data from Google.
The finding extended Carpenter v. United States to cover geofence warrants and rejected the government's position that short-duration access to location data falls outside the Fourth Amendment's reach.
The decision is significant on its own terms, but it is also significant for what it reveals about the limits of constitutional doctrine as a governance framework for the digital age.
The end of consent as constitutional baseline
The government argued that location history is an "optional add-on" users voluntarily enable, distinguishing it from the cell-site location information in Carpenter, which is an unavoidable byproduct of carrying a cell phone. Users who turned on location history, the government contended, forfeited Fourth Amendment protection under the third-party doctrine.
The court rejected this comprehensively. Justice Elena Kagan catalogued several concerns with Google's enrollment practices, including repeated prompts, warnings that devices will not "work correctly" without location history, and a lack of disclosure about recording frequency, data precision and the possibility of government access.
More fundamentally, the majority rejected an "app-by-app, feature-by-feature method of granting Fourth Amendment protection" as misapprehending "the very nature of modern cell-phone use." The conclusion: "A cell-phone user is not to be viewed as sharing private information with third parties — which then can be freely passed on to the government — just by doing the ordinary things cell-phone users do."
This is, in substance, a recognition that the user-platform relationship is one of structural dependence, not arms-length exchange. That recognition has implications well beyond the Fourth Amendment. If participation in the digital ecosystem does not constitute consent to government surveillance, then the consent-and-transfer model that undergirds most existing data governance law is built on a premise the Supreme Court has now rejected.
The database as the constitutional problem
The court's treatment of duration is equally consequential. The government argued that two hours of location data reveals too little to trigger Fourth Amendment protection. The court stated it has "never understood Fourth Amendment protections as kicking in only once an intrusion 'goes too far.'" Where the Fourth Amendment applies, it applies regardless of "the quality or quantity of information" obtained.
The key analytical move was the court's identification of the database itself as the source of the constitutional concern. Kagan wrote that what creates the Fourth Amendment problem is "that the government can access all of a cell-phone user's movements, in both public and private places — that it possesses a virtual panopticon with which to scrutinize its citizens' activities." The scope of the invasion is not diminished because the government "can pinpoint exactly which few hours of movements it wants to review."
This reasoning structurally reframes the surveillance problem. The constitutional threat is not any particular data demand but the existence of centralized, searchable repositories of personal information and the government's ability to reach into them. Every query is a search because the panopticon exists.
What the opinion cannot do
For all its force, Chatrie operates within the warrant-and-suppression paradigm. It answers whether a search occurred, and it will eventually answer — on remand — whether the search was reasonable. It does not, and cannot, answer a set of questions that are equally urgent.
What are the affirmative obligations of technology companies regarding government access to user data? What governance framework applies to the majority of government requests for data outside the criminal investigation context, including administrative subpoenas, regulatory inspections and information-sharing agreements? What happens when personal data feeding government artificial intelligence systems was collected under one justification and repurposed for another? And what enforcement mechanisms are available to individuals whose data is mishandled?
The Fourth Amendment constrains government searches. It does not impose fiduciary duties on data custodians, create governance frameworks for algorithmic decision-making or give citizens a private right of action when their data is misused. The constitutional floor the court established today is necessary. It is not sufficient.
The architecture above the floor
Building the governance architecture above that floor is a legislative task, not a judicial one. The Fiduciary Commons Framework, a set of three model statutes developed from the same constitutional premises the court validated in Chatrie, addresses the domains the Fourth Amendment cannot reach. The model Verifiable Identity and Digital Autonomy Act establishes that government's role in digital identity is endorsement, not surveillance. This philosophy has been adopted by Utah through the passage of SB 260.
The model Personal Data Trusteeship Act imposes fiduciary duties of loyalty, care and confidentiality on every government entity handling personal data with a direct private right of action, statutory damages and reversed burden of proof.
The model Government Algorithmic Accountability and AI Fiduciary Act governs automated decision systems that consume personal data as inputs, requiring interpretable models for rights-affecting determinations and classifying autonomous AI agents as statutory fiduciaries.
Justice Ketanji Brown Jackson's concurrence illustrates why the legislative layer matters. She identified the geofence warrant's delegation of search-expansion authority to officers without defined criteria or judicial oversight as a structural deficiency. The same problems — undefined criteria, discretionary escalation, absent independent oversight — arise when government AI systems make consequential determinations about individuals. The Fourth Amendment's particularity requirement provides the constitutional principle. Legislation must provide the operational architecture.
Conclusion
Chatrie is not a fiduciary case. The word does not appear in any of the five opinions.
But the decision validates the structural analysis on which a fiduciary approach to data governance is built: that the user-platform relationship is one of dependence, not exchange; that the consent model cannot bear the weight placed on it; and that the constitutional concern is the architecture of surveillance itself.
The court has cleared the constitutional ground. The work of building on it is legislative, and it is urgent.

This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.
Submit for CPEsContributors:
Michael Leahy
CIPP/US
Founder
Fiduciary Commons
Tags:



