Government agencies generally make user data requests for information about Google users or accounts in criminal cases.
No. While we have tried to report as accurate a number as possible, the statistics are not 100% comprehensive or accurate. For example, we have not included statistics for countries where we've received fewer than 30 requests for user data in criminal cases during the reporting period. Where the numbers of requests are relatively low from a particular country, revealing the statistics could place important investigations at risk and interfere with public safety efforts of the authorities.
As with many other Google products, we like to launch and iterate. The Transparency Report is no different. As we've worked on this project, we've figured out the best way to disclose more information. For example, starting with the July-December 2010 reporting period, we began to disclose the percentages of user data requests we comply with in whole or in part. And starting with the January-June 2011 reporting period, we began to disclose the number of users or accounts about which data was requested.
No, the statistics primarily cover requests in criminal matters. We can't always be sure that a request necessarily relates to a criminal investigation, however, so there are likely a small number of requests that fall outside of this category. For example, we would include in the statistics an emergency request from a government public safety agency seeking information to save the life of a person who is in peril even though there is not necessarily a criminal investigation involved. As we improve our tracking, we may add more categories.
Like other technology and communications companies, we regularly receive user data requests, which may specify any users or accounts used to store or provide information on our services. We are by no means unique when it comes to receiving these requests.
No, the statistics primarily cover requests in criminal matters. We can't always be sure that a request necessarily relates to a criminal investigation, however, so there are likely a small number of requests that fall outside of this category. That said, there are several reasons why the numbers of "users/accounts specified" by user data requests may be over-inclusive or under-inclusive. For example, in some instances the same Gmail account may be specified in several different requests for user data. Each distinct request that we receive would be added to the total, as we have not figured out a satisfactory method for de-duplicating account or user names when tracking requests. On the other hand, we might also receive a request for a user or account that doesn't exist at all. In that case, we would still add both the request and the non-existent account to the total.
The "user data requests" numbers reflect the number of requests we received about the users of our services and products from government agencies like local and federal police and, from July 2010 onward, the number of requests to which we responded in whole or in part. When we receive a request for user information, we review it carefully and only provide information within the scope and authority of the request. We may refuse to produce information or try to narrow the request in some cases. Like all law-abiding companies, we comply with valid legal process. We take user privacy very seriously, and whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. When possible and legal to do so, we notify affected users about requests for user data that may affect them. And if we believe a request is overly broad, we will seek to narrow it.
We would like to be able to share more information, but it's not an easy matter. The requests we receive for user data come from a variety of government agencies with different legal authorities and different forms of requests. They don't follow a standard format or necessarily seek the same kinds of information. A single request may ask for several types of data but be valid only for one type and not for another; in those cases, we disclose only the information we believe we are legally required to share. Given all this complexity, it's a difficult task to categorize and quantify these requests in a way that adds meaningful transparency, but we may do so in the future.
These observations on user data requests highlight some trends that we've seen in the data during each reporting period, and are by no means exhaustive.
Transparency Report