1. The company breaks out the number of user data and real-time communications access demands it receives by country.
2. The company lists the number of accounts affected.
3. The company lists whether a demand sought communications content or non-content (e.g., metadata, basic subscriber information, or non-content transactional data) or both.
4. The company identifies the specific legal authority or type of legal process through which law enforcement and national security demands are made.
5. The company includes requests that come from court orders or subpoenas (including civil cases).
6. The company includes other non-governmental requests.
7. The company lists the number of requests it complied with, broken down by category of demand.
8. The company lists what types of government requests it is prohibited by law from disclosing.
9. The company reports this data at least once per year.
10. The data reported by the company can be exported as a structured data file.
Guidance: This indicator examines company reporting on the government and other third party requests companies receive for users’ data.
Evaluation: This indicator is scored using a checklist, meaning companies can only receive full credit if their disclosure meets all elements in the checklist.
In some cases, the law might prevent a company from disclosing information referenced in this indicator’s elements. For example, we expect companies to publish exact numbers rather than ranges of numbers. We acknowledge that laws sometimes prevent companies from doing so, and researchers will document situations where this is the case. But a company will lose points if it fails to meet all elements. This represents a situation where the law causes companies to be uncompetitive, and we encourage companies to advocate for laws that enable them to fully respect users’ rights to freedom of expression and privacy.
Potential sources:
For more information, click here for a glossary of terms.