TL;DR
- Your mobile operator records the cell tower ID (and sector) your handset was connected to at the time of each call, message, or data session; in dense urban areas this can indicate your position to within a few hundred metres.
- This cell-site location data is classified as communications data under the Investigatory Powers Act 2016 and can be retained for up to twelve months.
- Police and other designated public authorities can apply for access to location records; courts can also order disclosure in civil proceedings.
- UK GDPR and the Privacy and Electronic Communications Regulations 2003 give you rights over how operators use location data for commercial purposes, but do not permit you to opt out of the network-level location recording that is inherent to how mobile networks function.
- The only effective technical means to prevent any location data being generated on the network is to keep the phone switched off or in Airplane Mode, which severs the radio connection.
How mobile networks generate location data
The mobile network’s awareness of your approximate location is not a surveillance feature added on top of the system: it is a fundamental byproduct of how cellular technology works. For a handset to make or receive calls, send messages, or use mobile data, it must maintain a radio connection to the network. This connection is provided by base stations — commonly called cell towers or masts — and each base station covers a geographic cell. When your phone attaches to the network, it registers with a specific cell, identified by a Cell Global Identity (CGI) code that encodes the network operator, country code, location area, and specific cell. This registration record is created not only during active use but periodically as the phone moves between cells to maintain network awareness of which cell should route incoming calls and messages to you.
The geographic precision of cell-site location data varies substantially with cell size, which itself varies with terrain, frequency band, and the density of infrastructure. In rural areas, a single macrocell may cover several square kilometres, meaning a cell ID places a device somewhere within a radius of potentially one to several kilometres. In dense urban environments — particularly in city centres where small cells, microcells, and 5G small nodes are deployed — a cell may cover an area of a few hundred metres or less, and where base stations use directional sectors, the precision narrows further. Modern techniques including timing advance measurements and signal strength triangulation across multiple visible cells can narrow location estimates further still, though full GPS-level precision is not achievable from network records alone.
What the operator stores and retains
Under the standard billing and network management activities, an operator logs the cell ID to which a handset was connected at the time of each call, SMS, or data session. This information appears as network access records in the data categories defined under the Investigatory Powers Act 2016. A data retention notice served on an operator under Part 4 of the IPA can require these network access records to be retained for up to twelve months from the date of generation. The records do not show a continuous GPS track of the device; they show a sequence of cell attachments associated with specific communication events and periodic location updates.
Separately from the IPA regime, operators collect and process location data for their own operational purposes including network planning, capacity management, and fault diagnosis. Many operators also offer aggregated, anonymised location analytics to third parties — for example, footfall analysis products sold to local authorities or retail chains. This commercial use of location data is subject to UK GDPR and the Privacy and Electronic Communications Regulations 2003 (PECR). PECR Regulation 14 specifically addresses location data processing beyond what is strictly necessary for routing communications, requiring that it be anonymised or that the subscriber have given consent, with the right to withdraw that consent at any time. Your operator’s privacy notice must describe what location data processing they conduct and on what legal basis.
| Location data type | When generated | Typical precision | Retention basis |
|---|---|---|---|
| Cell ID at call/SMS | Each voice call or text message | Hundreds of metres (urban) to several km (rural) | IPA 2016 data retention notice; up to 12 months |
| Cell ID at data session | Each mobile data connection start/end | Hundreds of metres (urban) to several km (rural) | IPA 2016 data retention notice; up to 12 months |
| Periodic location update (idle) | Phone moves between location areas while in standby | Location area level (coarser than cell) | Operational logs; retention varies by operator |
| Commercial analytics (aggregated) | Continuous (derived from above) | Aggregate/anonymised; individual precision not published | UK GDPR; consent or legitimate interest basis under PECR |
| Emergency location (AML) | Only when 999/112 call is made | GPS/Wi-Fi hybrid; typically within 50 metres | Emergency services only; not retained for law enforcement |
Law enforcement and judicial access
Police forces and other designated public authorities can obtain location records from mobile operators through the authorisation regime established in Chapter 2 of Part 3 of the Investigatory Powers Act 2016. A designated senior officer within the authority can authorise a request for communications data, including cell-site location records, where the purpose falls within the statutory grounds (preventing or detecting crime, protecting national security, or safeguarding life, among others). For more sensitive applications, a double-lock requiring judicial approval from an Investigatory Powers Commissioner applies. The National Crime Agency, HMRC, the Serious Fraud Office, and other Schedule 4 authorities operate under the same framework.
Historical cell-site analysis has been used as evidence in criminal trials for many years to place defendants at or near locations associated with offences. Expert witnesses typically present the analysis as establishing a radius within which the handset was located at the time of a recorded event, with careful qualification about the limitations of cell precision. Courts have also ordered operators to disclose location records in civil proceedings, for example in family law matters or high-value civil fraud litigation. The Investigatory Powers Commissioner’s Office publishes annual reports containing aggregate figures on the number of requests and authorisations, providing a measure of public accountability for the regime.
Your UK GDPR rights over location data
As a data subject whose location data is processed by a mobile operator, you hold a suite of rights under UK GDPR. The right of access (Article 15) enables you to request what location-related data the operator holds and how it is used. The right to erasure (Article 17) applies where processing is based on consent or legitimate interest, though it does not override data that must be retained under a statutory obligation such as an IPA data retention notice. The right to object (Article 21) can be exercised against processing based on legitimate interest, which covers many commercial analytics activities.
PECR Regulation 14 provides a more specific right in relation to the commercial use of location data that goes beyond what is necessary for routing: you can withdraw consent for such processing at any time. In practice, this typically covers uses such as network analytics products or marketing profiling derived from your movement patterns. Your operator’s privacy portal or settings menu should provide controls for these optional uses. However, the fundamental cell-ID registration that occurs whenever your phone is connected to the network is inherent to the operation of the service, and no GDPR right permits you to prevent it whilst remaining connected. Switching to Airplane Mode or powering off the handset are the only technical means of preventing any network-level location data from being generated.
What this means in practice
Consider a fictional scenario: Fatima, a solicitor based in Edinburgh, is acting in a civil fraud case and her client needs to establish that a counterparty was in a particular city on a specific date. Her instructed barrister advises that cell-site records could corroborate or contradict the counterparty’s account. A court order is obtained compelling the counterparty’s mobile operator to disclose network access records for the relevant date. The operator returns records showing the cell IDs and sector assignments logged against the counterparty’s IMSI during the relevant period. An expert witness maps the cells to their known geographic footprints and provides a report stating, with appropriate precision qualifications, that the handset was most likely within a defined area of central Glasgow rather than the counterparty’s claimed location in London at the material time. The records inform rather than determine the court’s finding, consistent with how UK courts treat cell-site evidence.
Related Guides
How we verified this
This article draws on the Investigatory Powers Act 2016 (Parts 3 and 4) as published on legislation.gov.uk, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) particularly Regulation 14, ICO guidance on location data processing under UK GDPR, Ofcom technical documentation on cellular network architectures, and IPCO annual transparency reports published at ipco.org.uk.
Disclaimer: Kaeltripton.com is an independent UK editorial publisher. We are not regulated by Ofcom or the FCA and we do not sell or arrange mobile services, insurance, or financial products. This content is for general information only and is not legal, financial, or technical advice. Rules, prices, and operator policies change. Verify the current position with Ofcom, GOV.UK, the ICO, or your provider before acting. ICO registered ZC135439. Last reviewed: 2026-06-05.
Frequently Asked Questions
Does my mobile operator track my location?
Not in the sense of continuously recording a GPS track, but your operator does record which cell tower your phone was connected to at the time of each call, message, and data session, as well as periodic location updates when your phone moves between coverage areas. These records are a byproduct of how mobile networks function. Cell-site records are retained for up to twelve months under the Investigatory Powers Act 2016 framework and can be accessed by law enforcement with proper authorisation. Your operator may also process location data for commercial analytics, which is subject to PECR and UK GDPR.
How accurate is mobile network location data?
Accuracy depends heavily on cell density. In a rural area where a single macrocell covers several square kilometres, a cell ID places a device somewhere within that broad area. In a dense urban environment with smaller cells and 5G small nodes, the area can narrow to a few hundred metres or less. Techniques such as timing advance measurements and signal triangulation across multiple visible cells can refine estimates further, but even advanced analysis typically cannot achieve GPS-level precision. Expert witnesses in court proceedings are required to present cell-site conclusions with explicit precision qualifications reflecting these limitations.
Can police access my location from my mobile network?
Yes, with proper authorisation. Police forces are designated public authorities under the Investigatory Powers Act 2016 and can apply for access to communications data, including network access records containing cell IDs, through the statutory authorisation process. A designated senior officer within the force must authorise the request, and the purpose must fall within the statutory grounds. In cases involving serious crime, a double-lock system requires additional approval from an Investigatory Powers Commissioner. The records produced show which cells the handset was connected to, not a live GPS track.
How long does my operator keep location data?
Network access records (cell IDs logged with each communication event) can be retained for up to twelve months under a data retention notice served under Part 4 of the Investigatory Powers Act 2016. Operational network management logs may be retained for shorter periods depending on the operator’s policies. Location data processed for commercial analytics purposes is subject to UK GDPR retention limitations, meaning it should not be kept longer than is necessary for the stated purpose. Your operator’s privacy notice should specify applicable retention periods for each category of location data they process.
Can I opt out of location tracking by my mobile network?
You cannot opt out of the basic cell-site recording that occurs as a function of maintaining a mobile connection; it is inherent to how cellular networks operate and is not optional. You can withdraw consent for commercial uses of location data — such as analytics or profiling — under PECR Regulation 14, typically through your operator’s privacy settings portal. The only way to prevent network-level location data being generated entirely is to keep your phone switched off or in Airplane Mode, which disables all radio connections and prevents any cell attachment records from being created.
