About
News
RDR Corporate Accountability Index
Who we are
Resources
Index
Report
Compare
Companies
Services
Categories
Indicators
Download
Back
P10. Process for responding to third-party requests for user information

    P10. Process for responding to third-party requests for user information

    The company should clearly disclose its process for responding to requests from governments and other third parties for user information.

    Elements
    1. Does the company clearly disclose its process for responding to non-judicial government requests?
    2. Does the company clearly disclose its process for responding to court orders?
    3. Does the company clearly disclose its process for responding to government requests from foreign jurisdictions?
    4. Does the company clearly disclose its process for responding to requests made by private parties?
    5. Do the company’s explanations clearly disclose the legal basis under which it may comply with government requests?
    6. Do the company’s explanations clearly disclose the basis under which it may comply with requests from private parties?
    7. Does the company clearly disclose that it carries out due diligence on government requests before deciding how to respond?
    8. Does the company clearly disclose that it carries out due diligence on private requests before deciding how to respond?
    9. Does the company commit to push back on inappropriate or overbroad government requests?
    10. Does the company commit to push back on inappropriate or overbroad private requests?
    11. Does the company provide clear guidance or examples of implementation of its process for government requests?
    12. Does the company provide clear guidance or examples of implementation of its process for private requests?
    Research guidance

    Companies increasingly receive requests to turn over user information. These requests can come from government agencies or courts (both domestic and foreign), as well as from private entities (i.e. non-governmental and non-judicial entities) We expect companies to publicly disclose their process for responding to requests from each type of third party, along with the basis for complying with these requests. Companies should also publicly commit to pushing back on inappropriate or overbroad government and private requests.

    In some cases, the law might prevent a company from disclosing information referenced in this indicator’s elements. Researchers will document situations where this is the case, but a company will still lose points if it fails to meet all elements. This represents a situation where the law causes companies to fall short of best practice, and we encourage companies to advocate for laws that enable them to fully respect users’ rights to freedom of expression and privacy.

    Potential sources:

    • Company transparency report
    • Company law enforcement guidelines
    • Company privacy policy
    • Company blog posts