Government access requests

6 · 24 · 21

Yesterday the European Data Protection Board published the Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data

I wondered how often governments, in particular the US government, request access to users’ information.

The short answer is: very often

Let’s take a look at the information provided by the Facebook transparency center

– Concerning US legal process requests (search warrants, Subpoenas, Title III Wiretap Act, Pen register, trap and trace, Court order: 18 USC 2703(d), and other Court Orders)
—> During 2020 the US government made around 120.000 requests, comprising around 210.000 users/accounts requested and the company in around 90% of the times produced information.

– What is more important for EU citizens are the National Security Requests (including FISA requests and National security letters, but not EO 12333)
—> FISA requests: during 2019 it involved nearly 220.000 accounts and during the first semester 2020 nearly 117.000 accounts
—> National security letters: between 0-1000 requests and accounts specified

While I have to acknowledge that this is a step forward in the right direction for a company that is not well-known for its transparent practices, it’s hard to believe for me that they ‘individually review all requests’, since it’d mean FB’s team assesses around 500 petitions per day, every working day (US legal process and national security requests). How many lawyers does a company need to process such an astonishing amount of requests per day?

In any case, disclosing the government access requests is a positive thing and it is a reminder that the transfer of #personaldata to other jurisdictions must be protected