Search giant Google released on Jan. 28, 2013, otherwise marked as the Data Privacy Day, an update to its Transparency Report detailing how it deals with government requests for access to personally identifiable information (PII) of its users.
The new section contains frequently asked questions about how Google responds to governments, courts and legal parties asking for information about how a person uses its services. Internet users are naturally aware that they are turning in to Google some of their personal data the moment they sign up to its services. But what is scantily known is that these pieces of information – such as email address, name and location – can be disclosed on strongly grounded requests from authorities in aid of investigation. Although these data vastly help Google, and other tech companies, to better enhance their products and services, the privacy and security of its users could be fatally put at risk.
“It’s important for law enforcement agencies to pursue illegal activity and keep the public safe… But it’s just as important that laws protect you against overly broad requests for your personal information,” said David Drummond, Senior Vice President and Chief Legal Officer.
To avoid the compromise of user data, Google vowed to continue its initiatives on protecting online documents, conduct tighter scrutiny on government requests and inform users about these requests. For example, when it receives a legal request for user data, Google strictly reviews it to make sure it abides by the law and Google’s policies. Drummond said in a blog post that the request must be in written form, signed by an authority and issued under an appropriate law.
The request should also be narrowed down if it’s excessively broad, Drummond added, noting that Google has frequently done this before. In 2006, Google denied a U.S. government request to hand over user search data of over two months, eventually prompting a court to dismiss the subpoena.
Google said it also strives to inform its users when their accounts fall subject to legal investigations so they may contact the investigating entity. In some other time Google either is legally prohibited or lacks the verified information requested, thus its inability to notify users accordingly.
In such cases, the search giant seeks to nullify the orders, Drummond said.
For legal parties seeking to gain access to the online information of a user in question, Google requires a search warrant for it to disclose such data contained in Google services like Gmail, documents, photos and YouTube videos.
“We believe a warrant is required by the Fourth Amendment to the U.S. Constitution, which prohibits unreasonable search and seizure and overrides conflicting provisions in ECPA,” Drummond said.
Last week, Google issued a Transparency Report showing a rise in government requests for its users’ data, which steadily continued to grow in the second half of 2012 when there was a marked increase of its service usage. Google showed in detail the types of litigations for which the U.S. government would require the online data of users.
From July to December 2012, 68 percent of the requests for PPI received by Google from the U.S. government were through subpoenas issued under the Electronic Communications Privacy Act (ECPA). About 22 percent were through search warrants issued under ECPA. The remaining 10 percent were court orders issued under ECPA or other processes deemed hard to categorize by Google.
Since 2009, requests for user data rose by over 70 percent. Overall, Google received 21,389 requests for information about 33,634 users, according to Richard Salgado, Legal Director, Law Enforcement and Information Security at Google.