Microsoft has released its latest biannual digital trust reports on the Microsoft Reports Hub, including our Law Enforcement Requests Report, U.S. National Security Orders Report, Digital Safety Content Report, Privacy Report, Right to Be Forgotten Requests Report, Government Requests for Content Removal Report and Copyright Content Removal Request Report,
We are committed to transparency around our services and policies. These reports are intended to help our customers understand how Microsoft responds to government and law enforcement requests and our policies on these issues. Please also visit our Data Law website for more information about Microsoft’s principles, policies and procedures for responding to government requests for data.
Moving forward, we will continue to update these digital trust reports on a biannual basis to ensure the public and our customers have awareness about this data and will only publish these accompanying blog posts when needed to provide additional context or announce updates. These reports and others detailing our business and operations will continue to be accessible on our Reports Hub.
Law enforcement requests
When Microsoft receives a law enforcement request – from any government – we review the request to ensure it is consistent with controlling law and our Microsoft principles. We disclose customer data only in response to a legally valid warrant, order or subpoena and only after we confirm the request specifies specific accounts or individual identifiers. We object to improper legal demands – even through litigation when necessary.
The Law Enforcement Requests Report encompassing the period from July to December 2021 remains largely consistent with our previous reports:
Requests for consumer data:
- During the second half of 2021, Microsoft received a total number of 25,182 legal requests related to our consumer services from law enforcement agencies around the world, which is a decrease from the previous six-month period total of 27,809 legal requests.
- A majority of the law enforcement requests Microsoft received during this period continued to come from a handful of countries, including France, Germany, the United Kingdom and the United States.
- Specific to Unites States law enforcement, Microsoft received 5,601 legal requests for data related to our consumer services – a decrease from the previous period where we received 6,392 legal requests.
Requests for enterprise customer data:
- In the second half of 2021, Microsoft received 120 requests from law enforcement around the world for data associated with enterprise cloud customers, which is defined as customers who purchased more than 50 seats.
- In 65 cases, these requests were rejected, withdrawn or law enforcement was successfully redirected to the customer to obtain the information they were seeking.
- In 55 cases, Microsoft was compelled to provide some information in response to the order: 29 cases required the disclosure of some customer content and, in 26 of the cases, we were compelled to disclose non-content information only.
Starting today, this report will also begin providing transparency around the secrecy orders we receive that are attached to law enforcement requests and that prevent us from notifying users and enterprise customers of a government demand for their data. We have a long history of pushing back to ensure that secrecy is the exception, not the norm, and will continue to advocate and take steps to ensure that these orders are used only temporarily and when clearly necessary.
In 2021, Microsoft received secrecy orders attached to 28% of U.S. legal demands, including federal, state and local law enforcement demands, totaling 3,337 secrecy orders. Of these, 2,790 were issued by federal law enforcement authorities.
U.S. national security orders
The U.S. National Security Orders Report, which encompasses the period from January to June 2021, reflects the most detailed information we may report pursuant to U.S. law.
- For the latest Foreign Intelligence Surveillance Act (FISA) data reported, Microsoft received 0-499 FISA orders seeking content disclosures affecting 11,500-11,999 accounts, which is a decrease from the previous period during which disclosures affected 15,000-15,499 accounts. We received 0-499 National Security Letters in the latest reporting period, which is unchanged from the previous period.
Content removal requests
The latest Content Removal Requests Report details acceptance rates regarding requests received from governments, copyright holders and individuals subject to the European Union’s “Right to Be Forgotten” ruling.
Previously, the Content Removal Requests Report contained three different tabs: (1) Government requests for content removal; (2) Copyright removal requests; and (3) “Right to be Forgotten” requests. Beginning with the reports for July-December 2021, those three tabs are presented as three separate reports. They continue to provide data regarding requests received from governments, copyright holders and individuals subject to the European Union’s “Right to be Forgotten” ruling.
Digital safety content
The Digital Safety Content Report covers actions that Microsoft has taken in relation to child sexual exploitation and abuse imagery (CSEAI), terrorist and violent extremist content (TVEC) as well as non-consensual intimate imagery (NCII). The Microsoft Services Agreement includes a Code of Conduct, which outlines what’s allowed and what’s prohibited when using a Microsoft account. Some services offer additional guidance to show how the Code of Conduct applies to their content, such as the Community Standards for Xbox. We continue to take steps to ensure that our platforms and services remain safe and welcoming to all users with respect to their rights to privacy and freedom of expression.
Privacy report
We’ve also released our latest Microsoft Privacy Report, which details important new developments in privacy at Microsoft, including the release of Microsoft Priva – joining our MIcrosoft Purview solution – to help organizations manage their data and data subject requests; the announcement of new datacenters in more countries; and our continued support for strong, comprehensive, interoperable privacy laws. Additionally, the privacy report provides information about personal data we collect, how it may be used and how customers can manage and control their data, such as through the Microsoft Privacy Dashboard. In 2021, our customers used the privacy dashboard to an unprecedented degree: Over 26 million people worldwide relied on it to understand more about the personal data we collect and to exert their control over it.