Wikimedia Foundation Transparency Report/June 2017/Requests for User Data

Freedom of speech is essential to the Wikimedia movement—our projects cannot flourish in an ecosystem where individuals cannot speak freely. Our users trust us to protect their identities against unlawful disclosure and we take this responsibility seriously.

Wikimedia Foundation Transparency Reports
Wikimedia Foundation Transparency Reports

All transparency reports

Privacy-related WMF Policies


However, every year, governments, individuals, and corporations ask us to disclose user data. Often, we have no nonpublic information to disclose because we collect little nonpublic information about users and retain that information for a short period of time. But when we do have data, we carefully evaluate every request before considering disclosure. If the requests do not meet our standards — if they are overly broad, unclear, or irrelevant — we will push back on behalf of our users.

If we must produce information due to a legally valid request, we will notify the affected user before we disclose, if we are legally permitted and have the means to do so. In certain cases, we may help find assistance for users to fight an invalid request.

Awareness that the Government may be watching chills associational and expressive freedoms. And the Government's unrestrained power to assemble data that reveal private aspects of identity is susceptible to abuse.

JAN – JUN 2017
Total user data requests
18   
JAN – JUN 2017
Percentage of times information produced
16.7%

Data

edit
JAN – JUN 2017
Summary
Total number of requests 18
Informal Non-Government Requests 10
Informal Government Requests 4
Civil Subpoenas 3
Criminal Subpoenas 1
Administrative Subpoenas 0
Search Warrants 0
Court Orders 0
National Security Requests 0
Information Produced 3
User Accounts Potentially Affected 23
User Accounts Actually Affected 3
User Accounts Notified 0

Type of Information Requested

edit

We divide the requests we receive by the type of information requested: “content” or “non-content.”

Most content information on the Wikimedia projects is the public content of articles and project pages; “non-content” information refers to information such as IP addresses or user agent information. The distinction comes from the Electronic Communications Privacy Act, or ECPA. Please see our FAQ for more information.

JAN – JUN 2017
Content requests
0%   
JAN – JUN 2017
Non-content requests
100%   
JUL– DEC 2016
Compared to other companies, we received relatively few requests[1]
Company Requests received Requests granted
Facebook 64,279 46,608
Google 45,550 27,535
Twitter 6,044 3,902
LinkedIn 150 106
Wikimedia 13 1
  1. Due to the inconsistent release dates across different organizations, comparison data for the period covered by this report (January 2017 - June 2017) was not available, so we are presenting the comparison data above for July 2016 - December 2016. Please also note that figures for Wikimedia include additional types of requests for user data that are not included in the other organizations' figures. See the FAQ for more details.


JAN – JUN 2017
Requests for user data, and how we responded
By request type:
Received All Partial
Informal non-government requests 10 0 0
Informal government requests 4 0 0
Civil subpoenas 3 0 2
Court orders 0 0 0
Criminal subpoenas 1 0 1
Administrative subpoenas 0 0 0
Search warrants 0 0 0
By country:
  United States 8 0 3
  United Kingdom 3 0 0
  Canada 2 0 0
  India 1 0 0
  Italy 1 0 0
  Netherlands 1 0 0
  Singapore 1 0 0
Unknown 1 0 0

JAN – JUN 2017
Government requests breakdown
Informal Government Requests Total 4
India Local Police 1
Singapore Federal Police 1
United Kingdom Local Police 1
United States State agency 1
Criminal Subpoenas Total 1
United States Federal law enforcement 1

Preservation Requests

edit

Occasionally, we receive a preservation request from the U.S. government under the Electronic Communications Privacy Act. A preservation request is an order to retain information that would otherwise be deleted, anonymized, or aggregated within 90 days, according to our Data Retention Guidelines. If we receive one of these requests, we are legally required to retain the specific information indicated. However, we will not turn this information over to the requesting party unless they subsequently follow our Requests for User Information Procedures & Guidelines, and obtain a legal order, such as a subpoena or warrant, for the information in question.

Here, we provide the number of new preservation requests we received during the period covered by this report.

JAN – JUN 2017
Total Preservation Requests
1