After receiving a barrage of feedback following its most recent Transparency Report, Google has just updated the original to add a new section that details how it goes about handling each government request for data that it receives.
The addendum ‘Legal Process’ is an attempt to answer dozens of questions that Google users have over how Google decides which requests to facilitate and which it doesn’t. One of the most commonly asked questions was “in what situations won’t you tell me about a request for my information?”, to which Google responded that it won’t notify users if they have been legally prohibited from doing so (as is often the case). However, it did state that on some occasions it will try to fight gag orders on behalf of users, so they can be informed.
Accompanying the new update was a new blog post from Google’s chief legal eagle David Drummond, who reminds users of the fine line that the company has to walk when it comes to matters of privacy. The search engine giant collects vast amounts of information on its users; browsing history, location data etc, etc., to help it deliver better results (and adverts), but at the same time too much information collection can threaten individual’s anonymity. Meanwhile, governments around the world are increasingly using Google’s data to investigate their own citizens.
“It’s important for law enforcement agencies to pursue illegal activity and keep the public safe. We’re a law-abiding company, and we don’t want our services to be used in harmful ways. But it’s just as important that laws protect you against overly broad requests for your personal information.”
Last week, Google revealed that the number of requests made by US law enforcement had grown substantially over the last six months, rising to 8,438 total requests for information, a six percent rise from the previous six months. This shows that US agencies request far more data than their counterparts in other countries – worldwide, Google received a total of 21,389 such requests.
So it’s reassuring to know that Google doesn’t just give out this data willy-nilly to anyone that happens to be wearing a uniform. In fact, the company is surprisingly protective over its user’s data, and insists that law enforcement agencies follow a strict legal process before they can access it.
How Google Handles Each Data Request
Each request that Google receives is carefully scrutinized to make sure it’s legal and complies with the company’s policy, according to Drummond. In order to comply, the company generally only considers requests made in writing, issued under an appropriate law, and signed by an authorized person. Once Google decides that a request complies, it will then evaluate the scope of the request. In some case, Google may decide that it is too ‘broad’, and ask officials to narrow the request down. According to Drummond, this is something the company frequently does.
If appropriate, Google will then take steps to notify users about the legal demand. However, in many instances it cannot, due to legal prohibitions or because the company doesn’t have verified contact information for the individual concerned.
For data requests to access a user’s browsing history, search query history, or any content stored within a Gmail account (such as emails, documents, photos etc), authorities must have a search warrant, and not just an ordinary subpoena.
“We believe it’s the right way to make sure governments can pursue legitimate investigations while we do our best to protect your privacy and security,” writes Drummond.