We often hear the phrase, "If you're not paying for the product, then you're the product." Take this expression as you wish, but one interpretation could be, “the data gathered about a customer is more valuable than the income realised through the transactions with customers”.
Moving beyond the commercial aspect of data, governments are wising up to this statement as well, as evidenced by a new, Report on Government Requests for User Data issued by Surfshark, a privacy protection toolset developed to help users control their online presence. The report has gone as far as it legally could, uncovering some, shall we say, "interesting" facts about how Big Brother is using this data.
The report analyses recently-released information on user data requests that Apple, Google, Meta, and Microsoft (within their transparency reports) received from 177 countries’ local authorities between 2013 and 2021.
As a data request can cover multiple accounts, the research examines:
- the number of accounts specified in the requests,
- their global distribution per population,
- and compares the number of partially or fully disclosed requests.
It emphasises the increase in user data requests in the latest years, noting that these requests may be related to criminal investigations, but also as civil or administrative cases when digital evidence is needed.
The authorities that request the most data are not surprisingly the US and the EU, and together they account for around 60% of all accounts of interest in the period 2013-2021.
On the other side, the report also shows that Apple complied with the most user data requests (82%), while slightly lower disclosure rates are for Meta (72%), Google (71%), and Microsoft (68%).
Globally, countries requested more than 6.6 million accounts combined during the 9-year period. In Europe, based on the number of user accounts requested by authorities,
- Germany is first on the list (with 648 accounts/100k people), followed by
- The UK (583.4 accounts/100k people) and
- France (532.32 accounts/100k people).
The results also show that the UK made 7 times more requests than the global average (87.9 accounts/100k people).
On the top of the list is the US, with nearly 1 account per 100 people in the period 2013-2021. Looking at the top 10, six countries are from Europe, while Singapore, Australia, and Taiwan comprise the rest.
More and More
The number of accounts requested increased more than five times from 2013 to 2021. Requested accounts grew by 8% in 2021 compared to 2020, while the UK showed the same trend, with a 159% increase from 2013 to 2021.
As stated in the report, 2020 saw the most significant year-over-year increase of 38% in accounts requested, following 2021 with an increase of 25% - from 1.3 million to 1.6 million. It is interesting that this number of accounts in user data requests in 2021 (1.6 million) amounts to a quarter of a nine-year total.
The report also shows that companies fully or partially disclosed data from around 2.5 million requests in the period of 9 years. In the UK, the overall disclosure rate is 81.6%.
"Besides requesting data from technology companies, authorities are now exploring more ways to monitor and tackle crime through online services. For instance, the EU is considering a regulation that would require internet service providers to detect, report, and remove abuse-related content,” says Gabriele Kaveckyte, Privacy Counsel at Surfshark.
The European Commission adopted on 23 February 2022 the Data Act, as a key pillar of the European strategy for data which clarifies who can create value from data and under which conditions. It also represents an important contribution to the digital transformation objectives of the Digital Decade.