Privacy of Cell Location Data – Analysis of Carpenter Decision

by Dechert LLP
Contact

Dechert LLP

In a closely watched decision, the United States Supreme Court recently held in Carpenter v. United States1 that government prosecutors must seek a warrant to obtain cell phone site location information from cell phone service providers. The decision is being hailed by some as a victory for privacy rights, and criticized by others for not going far enough to eliminate the Fourth Amendment “third-party doctrine,” a limitation on the warrant requirement’s application that some privacy scholars and advocates see as a barrier to developing a viable approach to the privacy issues raised by data-driven technologies in the 21st century.2 This On Point summarizes the Carpenter decision and discusses some of the potential implications of its reasoning.

Carpenter’s Claim

The Carpenter case arose from a criminal investigation and prosecution of members of a group suspected of robbing Radio Shack and T-Mobile stores in Michigan and Ohio.3 A cooperating witness provided the FBI with information it used to obtain cell phone location data for Timothy Carpenter and other robbery suspects.4 The government obtained the cell phone data through the use of subpoenas authorized by the Stored Communications Act,5 which allows the government to compel the disclosure of communications records when a judge is convinced that there are reasonable grounds to believe that the records sought are relevant and material to an ongoing criminal investigation.6

In response to the government’s subpoenas, Carpenter’s wireless carriers produced cell site location information for Carpenter’s cell phone for more than 100 days of use.7 Based on these records and other evidence, Carpenter was charged with six counts of robbery and related firearms offenses.8 At trial, armed with the cell phone companies’ location data, an FBI agent testifying as an expert witness explained that, “each time a cell phone taps into the wireless network, the carrier logs a time-stamped record of the cell site and particular sector that were used.”9 The agent used this location data to create exhibits intended to demonstrate that Carpenter was in the vicinity of four of the robberies around the times they were committed.10 Carpenter was convicted on all of the counts with which he was charged except for one of the firearm counts, and he was sentenced to more than 100 years in prison.11

Before trial, Carpenter moved to suppress the cell phone location information, claiming that the evidence was inadmissible because the government had obtained it without getting a warrant.12 The trial court denied this motion and Carpenter appealed the district court’s ruling after his conviction.13 The Sixth Circuit Court of Appeals affirmed the trial court’s decision, concluding that Carpenter failed to establish that he had a reasonable expectation of privacy in the location records because the records were not “his,” and disclosed only information that Carpenter had shared willingly with his wireless carriers.14 Accordingly, applying the Fourth Amendment’s “third-party doctrine,” the appellate court held the government did not need a warrant to compel production of the records.15 The Supreme Court granted Carpenter’s petition for certiorari and reversed the Sixth Circuit in a 5-4 vote. Chief Justice Roberts wrote for the majority; Justices Kennedy, Alito, Thomas and Gorsuch all dissented in separate opinions.

The Supreme Court's Decision

 In the Supreme Court, Carpenter’s majority ruled that cell phone users had a reasonable expectation of privacy in the location records created by their service providers, and that the government therefore was barred from acquiring such records without a warrant.16 To reach this resolution, the Court had to resolve two primary issues. It first had to determine whether cell phone users have a reasonable expectation of privacy with regard to the location data generated by their phones and stored by their service providers. And, second, given who collects cell phone location information and how the data is collected, it had to decide whether the Fourth Amendment’s “third-party doctrine” provides a viable rationale for exempting government access to such data from the warrant requirement.

Cell Phone Location Data and Its Impact on Privacy

The Carpenter Court first had to determine whether allowing the government to access cell phone location information without a warrant raised constitutional privacy concerns. Since its decision in Katz v. United States17, to determine whether the Fourth Amendment protects a citizen’s privacy in a given situation, the Court examines both the subjective expectation the individual would have about keeping information private in the circumstances at issue, and whether society would accept his or her expectation as reasonable18. The Chief Justice noted in his Opinion for the Court that a majority of the Justices had agreed in earlier decisions that “individuals have a reasonable expectation of privacy in the whole of their physical movements.”19 The question before the Court in Carpenter, then, was whether allowing government access to information about the movements of cell phone users would threaten any liberty interests protected by the Fourth Amendment.

In its analysis, the Carpenter Court focused on two of these interests. It observed, first, that the warrant requirement is meant to secure “the privacies of life” against exercises of “arbitrary power” by the government.20 And, second, it noted that the Amendment’s protections also are intended to serve what the Court referred to as “a central aim of the Framers”—that is, “to place obstacles in the way of a too permeating police surveillance.”21 In the view of Carpenter’s majority, allowing the government access to the detailed data about users found in the location data collected by cell phone companies posed a significant threat to these interests.

The Court found that cell phone location technology raised issues similar to those it encountered in United States v. Jones, where it held that the government needed a warrant to attach a GPS device to a suspect’s car.22 Comparing cell phone location information to the data provided by GPS tracking, the Court found that location information data also was “deeply revealing.”23 Like GPS surveillance, cell phone location records provide an unparalleled view into the lives of anyone who is subject to such surveillance.24 When the government is able to track a person’s movements by cell phone, the Court asserted, “it achieves near perfect surveillance, as if it had attached an ankle monitor to the phone’s user.”25 In its view, using location data to map a user’s movements over an extended period of time:

provides an all-encompassing record of the [cell phone] holder’s whereabouts. As with GPS information, the time-stamped data provides an intimate window into a person’s life, revealing not only his particular movements, but through them his “familial, political, professional, religious, and sexual associations.” These location records “hold for many Americans the ‘privacies of life.’”26

The Court found, moreover, that cell location technology is not only relentless in its recording of user location data, but also precise, and that its accuracy is improving with time.27 To make this point in Carpenter, the Chief Justice compared the cell phone system’s “memory” to that of a human witness: “Sprint Corporation and its competitors are not your typical witnesses. Unlike the nosy neighbor who keeps an eye on comings and goings, they are ever alert, and their memory is nearly infallible.”28 The technology’s accuracy in recording a user’s movements is aided by the habits of cell phone owners themselves, who “compulsively” carry their devices with them all the time, everywhere they go: “A cell phone faithfully follows its owner beyond public thoroughfares and into private residences, doctor’s offices, political headquarters, and other potentially revealing locales.”29

The government argued in Carpenter that cell phone location data and GPS tracking should be treated differently under the law because GPS technology is more precise,30 but Carpenter’s majority was not convinced by this distinction. One of the obstacles the government faced in making this argument was the Court’s familiarity with the capabilities of cell phones from its decisions in earlier cases. More specifically, the Chief Justice had written about the ability to track cell phone users’ movements through their phones in Riley v. California, where the Court held that the government needs a warrant to search cell phones.31 In Riley, Chief Justice Roberts noted specifically that data from cell phones could “reveal where a person has been. Historic location information is a standard feature on many smart phones and can reconstruct someone’s specific movements down to the minute, not only around town but also within a particular building.”32

In Carpenter, the Court concluded that cell site records presented “greater privacy concerns” than GPS monitoring because cell phones allowed service providers to track users even after they left their vehicles, to more private venues.33 In addition, the Court predicted that cell location technology’s accuracy would only increase with the passage of time, and that even now it was “rapidly approaching GPS-level precision.”34 Given these capabilities, the Court concluded, prosecutorial access to this tool without sufficient judicial supervision would risk “government encroachment of the sort the Framers, ‘after consulting the lessons of history,’ drafted the Fourth Amendment to prevent.”35

The Third-Party Doctrine’s Application

The question of primary interest in this case to those concerned with privacy issues was how the Court would apply the third-party doctrine to cell phone location data. The third-party doctrine essentially exempts certain kinds of business records from the warrant requirement.36 As the Supreme Court has explained, the doctrine had its origin in the idea that “an individual has a reduced expectation of privacy in information knowingly shared with another.”37 In other words, the courts presume that users of certain kinds of property or technology understand that as a consequence of using these instruments, they are sharing information about themselves with third parties.

The financial records at issue in United States v. Miller,38 one of the seminal cases on the third-party doctrine, provide an example of how the rule was developed and applied by the federal courts. When customers use checks to pay for things, or use deposit slips or other records to do business with their banks, those customers presumably know that the retailers, banks and other businesses with whom they interact will keep their own records of the transactions, giving these institutions access to the financial information the records contain. The customer is held, therefore, to have “assumed the risk” that the bank or other institution might share information from the records with others, including law enforcement.39 Thus, under the third party doctrine, government access to these records does not constitute a search because the records are not the property of the person being investigated.40

Preserving access to these kinds of materials through subpoena is important to law enforcement authorities. In his Carpenter dissent, Justice Kennedy detailed the “wide variety of records” the government obtains by use of subpoenas, noting that they are used to gather the evidence necessary to support, among other investigative objectives, probable cause determinations.41 In its Carpenter briefing, the government characterized the use of subpoenas to obtain cell phone location information as consistent with standard investigative practice and settled Fourth Amendment precedent on business records.42 They argued that because cell phone use is a voluntary activity that produces information collected in records controlled by the phone service provider, the third party doctrine should bar Carpenter’s claim that a warrant was required.43 Other courts had reached the same conclusion on the issue, although at points judges had expressed concerns about the doctrine’s application to cell phone location data.44

These arguments failed to persuade Carpenter’s majority, which refused to apply the third party doctrine to cell phone location information.45 The Court rejected the idea that the detailed data generated about cell phone users’ movements disclosed through such records is either “volunteered” or “shared” with the service provider collecting it. First, the Court believed that it was erroneous to characterize cell phone use as a “voluntary” activity because of how commonplace and even necessary such devices have become to our modern existence. In the Court’s view, having a cell phone is, rather than a matter of choice, “‘such a pervasive and insistent part of daily life’ that carrying one is indispensable to participation in modern society.”46

Second, the Court did not see cell phone users as having actually “chosen” to share data about their location at any given time with their providers.47 Realistically, the Court saw users as having no real choice in how their providers generate or maintain such information:

 [A] cell phone logs a cell-site record by dint of its operation, without any affirmative act on the part of the user beyond powering up. Virtually any activity on the phone generates CSLI, including incoming calls, texts, or e-mails and countless other data connections that a phone automatically makes when checking for news, weather, or social media updates. Apart from disconnecting the phone from the network, there is no way to avoid leaving behind a trail of location data. As a result, in no meaningful sense does the user voluntarily assume the risk of turning over a comprehensive dossier of his physical movements.48

 What Has Carpenter Changed?

How has the law governing the government’s use of third-party data for surveillance purposes changed because of the Carpenter decision? The decision’s immediate result is to make it harder for the government to get access to the historical records of cell phone users’ movements available through cell phone location technology. In holding for the defendant, the Carpenter Court essentially concluded that it threatens Fourth Amendment rights to allow the government to use cell phone company location data to re-trace a person’s movements for extended periods of time without the judicial supervision provided by the warrant requirement.49 The Court also made clear that its concern for protecting cell phone users’ privacy applies “[w]hether the Government employs its own surveillance technology . . . or leverages the technology of a wireless carrier.”50 In other words, at least with regard to cell phone location data, the Court has concluded that the government’s use of such data, even though it is generated by a private company, provides a powerful tool for observing the behavior of citizens the government suspects of criminal activity—a weapon that they have decided is too effective to be employed by prosecutors without the kind of judicial oversight required under the Fourth Amendment.

As time goes on, courts will in all probability be asked to consider whether Carpenter’s reasoning is broad enough to support defendants who challenge the government’s right to access information other than location data without a warrant. Concerns about the threat to personal privacy posed by government access to the mass of data maintained by private companies on users of communications technologies predates the Carpenter decision. For example, citing concerns about potential abuse of such information, Justice Sotomayor suggested in her Jones concurrence that “it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties.”51 Indeed, commentators have argued for some time that unfettered or inadequately regulated government access to the products of corporate monitoring of Internet usage by the general population presents challenges to individual privacy rights that are inadequately addressed under current Fourth Amendment law, and that the third-party doctrine in particular is out-of-sync with the demands on personal privacy made by modern technology.52

Similar concerns were expressed by Justice Gorsuch in his Carpenter dissent, where he questioned the wisdom of continuing to apply the third-party doctrine in our current data environment. Arguing that the Court has “never offered a persuasive justification” for the third-party rule, Justice Gorsuch characterized the doctrine as “[a] doubtful application of Katz that lets the government search almost whatever it wants whenever it wants. The Sixth Circuit had to follow that rule and faithfully did just that, but it’s not clear why we should.”53 Justice Gorsuch ultimately dissented from the majority opinion in Carpenter because he disagreed with the majority’s approach to Fourth Amendment analysis, which he believes was fatally flawed because of its reliance on the Katz standard.54 But the Justice’s concerns about the ultimate viability of the third-party standard—which, as noted above, arise in part from his dissatisfaction with Katz as a rule of decision—could not be clearer.55

The importance of these questions from both a privacy and law enforcement perspective probably explains why the Carpenter Court emphasized that its decision should be seen as “a narrow one.”56 The Court deliberately limited its opinion to the specific question—and the specific technology—at issue in the case. The opinion makes clear that it should not be read as expressing “a view on matters not before [the Court].”57 There is nothing in the opinion to suggest that the Court was concerned in Carpenter with government access to any information collected other than cell phone location data. The Court expressly refused to overrule Smith and Miller, or to question other types of surveillance techniques or tools, or other kinds of business records “that might incidentally reveal location information.”58 The Court also made clear that its rulings were not meant to eradicate or alter existing exceptions to the warrant requirement in cases where exigent circumstances suggest the need for rapid government action.59 Overall, the majority cautioned that the courts have the obligation to “tread carefully” in cases involving technologies the Court would characterize as novel.60 All of these caveats suggest that broader readings of Carpenter’s holding would be, at the very least, premature.

Still, the fact that a majority of the Court held in Carpenter that cell phone users have a constitutionally protected privacy interest in records of information about their activities collected and maintained by their service providers is a significant legal development from a privacy perspective. It is certainly true that the majority’s opinion can be read to suggest that the Court is not yet inclined to make broad pronouncements about the Fourth Amendment’s application in situations where the government seeks access to the massive amounts of data collected about the habits of those who use the Internet and other mass communications technologies. However, based on its decisions in Carpenter, Riley, Jones and other cases, the Court does appear willing to review Fourth Amendment objections to allowing the government warrantless access to information about users generated by particular technologies, once potential privacy problems related to the use of such technologies have been identified and have had the opportunity to be defined appropriately through lower court review. This manner of proceeding may not be fast enough for some, or comprehensive enough for others, but it appears to be the path with which a majority of the Justices, at least for now, is most comfortable.

If this view is correct, then it would be fair to conclude that challenges to warrantless retrievals of data collected by other technologies, particularly technologies that provide information about the daily physical movements of individuals, are sure to follow Carpenter. How the Court will respond to these challenges remains to be seen.

Footnotes

1) 138 S. Ct. 2206 (2018).

2) Compare Paul Ohm, The Broad Reach of Carpenter v. United States, JUST SECURITY (June 27, 2018), https://www.justsecurity.org/58520/broad-reach-carpenter-v-united-states/ (“From now on, we’ll be talking about what the Fourth Amendment means in pre-Carpenter and post-Carpenter terms. It will be seen as being as important as Olmstead and Katz in the overall arc of technological privacy.”), with Daniel Solove, Carpenter v. United States, Cell Phone Location Records, and the Third Party Doctrine, TEACHPRIVACY: PRIVACY + SECURITY BLOG (July 1, 2018), https://teachprivacy.com/carpenter-v-united-states-cell-phone-location-records-and-the-third party-doctrine/ (“The Supreme Court should have overruled the Third Party Doctrine or at least carved out a greater chunk of it.”).

3) Carpenter, 138 S. Ct. at 2212.

4) Id.

5) 18 U.S.C. § 2703(d).

6) Carpenter, 138 S. Ct. at 2212.

7) Id.

8) Id.

9) Id.

10) Id. at 2213.

11) Id.

12Id. at 2212.

13) Id. at 2212-13.

14) Id. at 2213

15) United States v. Carpenter, 819 F.3d 880, 884, 887-90 (6th Cir. 2016), rev’d and remanded, 138 S. Ct. 2206 (2018).

16) Carpenter, 138 S. Ct. at 2217, 2222.

17) 389 U.S. 347 (1967).

18) Carpenter, 138 S. Ct. at 2213.

19) Id. at 2217 (citing United States v. Jones, 565 U.S. 400, 415, 430 (2012)).

20) Id. at 2214 (internal quotation marks and citation omitted).

21) Id. (internal quotation marks and citation omitted).

22) Id. at 2216.

23) Id. at 2223.

24) Id. at 2216-17.

25) Id. at 2218.

26) Id. at 2217 (quoting, inter alia, United States v. Jones, 565 U.S. 400, 415 (2012) (Sotomayor, J., concurring)).

27) Id. at 2219.

28) Id.

29) Id. at 2218

30) Id; see also Brief for the United States at 24-28, Carpenter v. United States, 138 S. Ct. 2206 (2018) (No. 16 402) [hereinafter “Brief for the United States in Carpenter”].

31) 134 S. Ct. 2473 (2014).

32) Id. at 2490.

33) Carpenter, 138 S. Ct. at 2218.

34) Id. at 2219.

35) Id. at 2223 (quoting United States v. Di Re, 332 U.S. 581, 595 (1948)).

36) See Smith v. Maryland, 442 U.S. 735 (1979) (government’s use of a pen register was not a “search” within the meaning of the Fourth Amendment); see also United States v. Miller, 425 U.S. 435 (1976) (no legitimate expectation of privacy in contents of checks and deposit slips as they are intended for use for commercial exchanges and the user knows they will be seen by banks and other institutions in the course of their use).

37) Carpenter, 138 S. Ct. at 2219.

38) 425 U.S. 435.

39) See id. at 443 (“The depositor takes the risk, in revealing his affairs to another, that the information will be conveyed by that person to the Government.”).

40) Id. at 440-45.

41) Carpenter, 138 S. Ct. at 2228-29 (Kennedy, J., dissenting).

42) Brief for the United States in Carpenter, supra note 30, at 34.

43) Id. at 18-21; see also Carpenter, 138 S. Ct. at 2219-20. Justice Kennedy agreed with the government’s position on the doctrine in his Carpenter dissent, concluding that under Smith and Miller no “search” within the meaning of the Fourth Amendment occurred. Carpenter, 138 S. Ct. at 2226-29 (Kennedy, J., dissenting).

44) See, e.g., United States v. Graham, 824 F.3d 421, 438 (4th Cir. 2016) (adhering to rule but noting that “[a] per se rule that it is unreasonable to expect privacy in information voluntarily disclosed to third parties seems unmoored from current understandings of privacy”).

45) Carpenter, 138 S. Ct. at 2220.

46) Id. (quoting Riley v. California, 134 S. Ct. 2473, 2484 (2014)). Again, the Chief Justice’s description of the realities of cell phone usage in Carpenter appears to have been informed to some degree by conclusions he reached about how the devices were used in Riley. See Riley, 134 S. Ct. at 2490 (“[T]here is an element of pervasiveness that characterizes cell phones but not physical records. Prior to the digital age, people did not typically carry a cache of sensitive personal information with them as they went about their day. Now it is the person who is not carrying a cell phone, with all that it contains, who is the exception.”).

47) Carpenter, 138 S. Ct. at 2220.

48) Id. (quotation marks and citation omitted).

49) Id. at 2222-23. The Court expressly declined to decide whether the warrant requirement would apply when the government seeks access to cell site location data for something less than what the Court would view as an extended period of surveillance. See id. at 2217 n.3 (“[W]e need not decide whether there is a limited period for which the Government may obtain an individual's historical CSLI free from Fourth Amendment scrutiny, and if so, how long that period might be. It is sufficient for our purposes today to hold that accessing seven days of CSLI constitutes a Fourth Amendment search.”).

50) Id. at 2217.

51) United States v. Jones, 565 U.S. 400, 417 (2012) (Sotomayor, J., concurring).

52) See, e.g., Daniel Solove, 10 Reasons Why the Fourth Amendment Third Party Doctrine Should Be Overruled in Carpenter v. US, TEACHPRIVACY: PRIVACY + SECURITY BLOG (Nov. 28, 2017), https://teachprivacy.com/carpenter-v-us-10-reasons-fourth-amendment-third-party-doctrine-overruled/; Matthew Tokson, Automation and the Fourth Amendment, 96 IOWA L. REV. 581 (2011); Stephen E. Henderson, The Timely Demise of the Fourth Amendment Third Party Doctrine, 96 IOWA L. REV. BULL. 39 (2010-2011).

53) Carpenter, 138 S. Ct. at 2263-64 (Gorsuch, J., dissenting).

54) Id. at 2265-68.

55) See id. at 2264 (“[Overruling Smith and Miller] only risks returning us to its source: After all, it was Katz that produced Smith and Miller in the first place.”).

56) Id. at 2220 (majority opinion).

57) Id. 

58) Id. 

59) Id. at 2222-23.

60) Id. at 2220.

 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Dechert LLP | Attorney Advertising

Written by:

Dechert LLP
Contact
more
less

Dechert LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide

JD Supra Privacy Policy

Updated: May 25, 2018:

JD Supra is a legal publishing service that connects experts and their content with broader audiences of professionals, journalists and associations.

This Privacy Policy describes how JD Supra, LLC ("JD Supra" or "we," "us," or "our") collects, uses and shares personal data collected from visitors to our website (located at www.jdsupra.com) (our "Website") who view only publicly-available content as well as subscribers to our services (such as our email digests or author tools)(our "Services"). By using our Website and registering for one of our Services, you are agreeing to the terms of this Privacy Policy.

Please note that if you subscribe to one of our Services, you can make choices about how we collect, use and share your information through our Privacy Center under the "My Account" dashboard (available if you are logged into your JD Supra account).

Collection of Information

Registration Information. When you register with JD Supra for our Website and Services, either as an author or as a subscriber, you will be asked to provide identifying information to create your JD Supra account ("Registration Data"), such as your:

  • Email
  • First Name
  • Last Name
  • Company Name
  • Company Industry
  • Title
  • Country

Other Information: We also collect other information you may voluntarily provide. This may include content you provide for publication. We may also receive your communications with others through our Website and Services (such as contacting an author through our Website) or communications directly with us (such as through email, feedback or other forms or social media). If you are a subscribed user, we will also collect your user preferences, such as the types of articles you would like to read.

Information from third parties (such as, from your employer or LinkedIn): We may also receive information about you from third party sources. For example, your employer may provide your information to us, such as in connection with an article submitted by your employer for publication. If you choose to use LinkedIn to subscribe to our Website and Services, we also collect information related to your LinkedIn account and profile.

Your interactions with our Website and Services: As is true of most websites, we gather certain information automatically. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information to analyze trends, to administer the Website and our Services, to improve the content and performance of our Website and Services, and to track users' movements around the site. We may also link this automatically-collected data to personal information, for example, to inform authors about who has read their articles. Some of this data is collected through information sent by your web browser. We also use cookies and other tracking technologies to collect this information. To learn more about cookies and other tracking technologies that JD Supra may use on our Website and Services please see our "Cookies Guide" page.

How do we use this information?

We use the information and data we collect principally in order to provide our Website and Services. More specifically, we may use your personal information to:

  • Operate our Website and Services and publish content;
  • Distribute content to you in accordance with your preferences as well as to provide other notifications to you (for example, updates about our policies and terms);
  • Measure readership and usage of the Website and Services;
  • Communicate with you regarding your questions and requests;
  • Authenticate users and to provide for the safety and security of our Website and Services;
  • Conduct research and similar activities to improve our Website and Services; and
  • Comply with our legal and regulatory responsibilities and to enforce our rights.

How is your information shared?

  • Content and other public information (such as an author profile) is shared on our Website and Services, including via email digests and social media feeds, and is accessible to the general public.
  • If you choose to use our Website and Services to communicate directly with a company or individual, such communication may be shared accordingly.
  • Readership information is provided to publishing law firms and authors of content to give them insight into their readership and to help them to improve their content.
  • Our Website may offer you the opportunity to share information through our Website, such as through Facebook's "Like" or Twitter's "Tweet" button. We offer this functionality to help generate interest in our Website and content and to permit you to recommend content to your contacts. You should be aware that sharing through such functionality may result in information being collected by the applicable social media network and possibly being made publicly available (for example, through a search engine). Any such information collection would be subject to such third party social media network's privacy policy.
  • Your information may also be shared to parties who support our business, such as professional advisors as well as web-hosting providers, analytics providers and other information technology providers.
  • Any court, governmental authority, law enforcement agency or other third party where we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • To our affiliated entities and in connection with the sale, assignment or other transfer of our company or our business.

How We Protect Your Information

JD Supra takes reasonable and appropriate precautions to insure that user information is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. You should keep in mind that no Internet transmission is ever 100% secure or error-free. Where you use log-in credentials (usernames, passwords) on our Website, please remember that it is your responsibility to safeguard them. If you believe that your log-in credentials have been compromised, please contact us at privacy@jdsupra.com.

Children's Information

Our Website and Services are not directed at children under the age of 16 and we do not knowingly collect personal information from children under the age of 16 through our Website and/or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

Our Website and Services may contain links to other websites. The operators of such other websites may collect information about you, including through cookies or other technologies. If you are using our Website or Services and click a link to another site, you will leave our Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We are not responsible for the data collection and use practices of such other sites. This Policy applies solely to the information collected in connection with your use of our Website and Services and does not apply to any practices conducted offline or in connection with any other websites.

Information for EU and Swiss Residents

JD Supra's principal place of business is in the United States. By subscribing to our website, you expressly consent to your information being processed in the United States.

  • Our Legal Basis for Processing: Generally, we rely on our legitimate interests in order to process your personal information. For example, we rely on this legal ground if we use your personal information to manage your Registration Data and administer our relationship with you; to deliver our Website and Services; understand and improve our Website and Services; report reader analytics to our authors; to personalize your experience on our Website and Services; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. Please see Article 6(1)(f) of the E.U. General Data Protection Regulation ("GDPR") In addition, there may be other situations where other grounds for processing may exist, such as where processing is a result of legal requirements (GDPR Article 6(1)(c)) or for reasons of public interest (GDPR Article 6(1)(e)). Please see the "Your Rights" section of this Privacy Policy immediately below for more information about how you may request that we limit or refrain from processing your personal information.
  • Your Rights
    • Right of Access/Portability: You can ask to review details about the information we hold about you and how that information has been used and disclosed. Note that we may request to verify your identification before fulfilling your request. You can also request that your personal information is provided to you in a commonly used electronic format so that you can share it with other organizations.
    • Right to Correct Information: You may ask that we make corrections to any information we hold, if you believe such correction to be necessary.
    • Right to Restrict Our Processing or Erasure of Information: You also have the right in certain circumstances to ask us to restrict processing of your personal information or to erase your personal information. Where you have consented to our use of your personal information, you can withdraw your consent at any time.

You can make a request to exercise any of these rights by emailing us at privacy@jdsupra.com or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

You can also manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard.

We will make all practical efforts to respect your wishes. There may be times, however, where we are not able to fulfill your request, for example, if applicable law prohibits our compliance. Please note that JD Supra does not use "automatic decision making" or "profiling" as those terms are defined in the GDPR.

  • Timeframe for retaining your personal information: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. For example, if you are an author, your personal information may continue to be published in connection with your article indefinitely. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • Onward Transfer to Third Parties: As noted in the "How We Share Your Data" Section above, JD Supra may share your information with third parties. When JD Supra discloses your personal information to third parties, we have ensured that such third parties have either certified under the EU-U.S. or Swiss Privacy Shield Framework and will process all personal data received from EU member states/Switzerland in reliance on the applicable Privacy Shield Framework or that they have been subjected to strict contractual provisions in their contract with us to guarantee an adequate level of data protection for your data.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, our customers who are California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can make a request for this information by emailing us at privacy@jdsupra.com or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

Some browsers have incorporated a Do Not Track (DNT) feature. These features, when turned on, send a signal that you prefer that the website you are visiting not collect and use data regarding your online searching and browsing activities. As there is not yet a common understanding on how to interpret the DNT signal, we currently do not respond to DNT signals on our site.

Access/Correct/Update/Delete Personal Information

For non-EU/Swiss residents, if you would like to know what personal information we have about you, you can send an e-mail to privacy@jdsupra.com. We will be in contact with you (by mail or otherwise) to verify your identity and provide you the information you request. We will respond within 30 days to your request for access to your personal information. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. If you would like to correct or update your personal information, you can manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard. If you would like to delete your account or remove your information from our Website and Services, send an e-mail to privacy@jdsupra.com.

Changes in Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our Privacy Policy will become effective upon posting of the revised policy on the Website. By continuing to use our Website and Services following such changes, you will be deemed to have agreed to such changes.

Contacting JD Supra

If you have any questions about this Privacy Policy, the practices of this site, your dealings with our Website or Services, or if you would like to change any of the information you have provided to us, please contact us at: privacy@jdsupra.com.

JD Supra Cookie Guide

As with many websites, JD Supra's website (located at www.jdsupra.com) (our "Website") and our services (such as our email article digests)(our "Services") use a standard technology called a "cookie" and other similar technologies (such as, pixels and web beacons), which are small data files that are transferred to your computer when you use our Website and Services. These technologies automatically identify your browser whenever you interact with our Website and Services.

How We Use Cookies and Other Tracking Technologies

We use cookies and other tracking technologies to:

  1. Improve the user experience on our Website and Services;
  2. Store the authorization token that users receive when they login to the private areas of our Website. This token is specific to a user's login session and requires a valid username and password to obtain. It is required to access the user's profile information, subscriptions, and analytics;
  3. Track anonymous site usage; and
  4. Permit connectivity with social media networks to permit content sharing.

There are different types of cookies and other technologies used our Website, notably:

  • "Session cookies" - These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer, Google Chrome or Safari).
  • "Persistent cookies" - These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.
  • "Web Beacons/Pixels" - Some of our web pages and emails may also contain small electronic images known as web beacons, clear GIFs or single-pixel GIFs. These images are placed on a web page or email and typically work in conjunction with cookies to collect data. We use these images to identify our users and user behavior, such as counting the number of users who have visited a web page or acted upon one of our email digests.

JD Supra Cookies. We place our own cookies on your computer to track certain information about you while you are using our Website and Services. For example, we place a session cookie on your computer each time you visit our Website. We use these cookies to allow you to log-in to your subscriber account. In addition, through these cookies we are able to collect information about how you use the Website, including what browser you may be using, your IP address, and the URL address you came from upon visiting our Website and the URL you next visit (even if those URLs are not on our Website). We also utilize email web beacons to monitor whether our emails are being delivered and read. We also use these tools to help deliver reader analytics to our authors to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

Analytics/Performance Cookies. JD Supra also uses the following analytic tools to help us analyze the performance of our Website and Services as well as how visitors use our Website and Services:

  • HubSpot - For more information about HubSpot cookies, please visit legal.hubspot.com/privacy-policy.
  • New Relic - For more information on New Relic cookies, please visit www.newrelic.com/privacy.
  • Google Analytics - For more information on Google Analytics cookies, visit www.google.com/policies. To opt-out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout. This will allow you to download and install a Google Analytics cookie-free web browser.

Facebook, Twitter and other Social Network Cookies. Our content pages allow you to share content appearing on our Website and Services to your social media accounts through the "Like," "Tweet," or similar buttons displayed on such pages. To accomplish this Service, we embed code that such third party social networks provide and that we do not control. These buttons know that you are logged in to your social network account and therefore such social networks could also know that you are viewing the JD Supra Website.

Controlling and Deleting Cookies

If you would like to change how a browser uses cookies, including blocking or deleting cookies from the JD Supra Website and Services you can do so by changing the settings in your web browser. To control cookies, most browsers allow you to either accept or reject all cookies, only accept certain types of cookies, or prompt you every time a site wishes to save a cookie. It's also easy to delete cookies that are already saved on your device by a browser.

The processes for controlling and deleting cookies vary depending on which browser you use. To find out how to do so with a particular browser, you can use your browser's "Help" function or alternatively, you can visit http://www.aboutcookies.org which explains, step-by-step, how to control and delete cookies in most browsers.

Updates to This Policy

We may update this cookie policy and our Privacy Policy from time-to-time, particularly as technology changes. You can always check this page for the latest version. We may also notify you of changes to our privacy policy by email.

Contacting JD Supra

If you have any questions about how we use cookies and other tracking technologies, please contact us at: privacy@jdsupra.com.

- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.