Google receives Google user data requests from government agencies inside and outside the U.S. These requests for information usual involve investigations in criminal activity, administrative agencies, courts and others.
Google requires user data requests to be sent to Google directly where their legal team reviews each application. Requests are frequently pushed back when being too broad or don’t follow the correct process. So don’t be sloppy, be effective and specific in the data you ask.
When submitting requests, it is crucial to satisfy Google’s legal requirements and policies. For Google to produce your request, submit the request in writing and signed by an authorised official of the requesting agency. Make sure your submission is issued under an appropriate law. If the user data request is too broad, Google may deny it.
Google provides tools to download your content from many of Google’s services using Google Takeout.
You can view and control your own data. Through Takeout, you can export or create an archive of your Google data. Using Inactive Account Manager, you can decide what happens to your data in the event of inactivity for a certain period.
Many people wonder if a law enforcement agency in the U.S. has to go through a legal process to get Google to provide user data. Or if it only takes a phone call or email. Google requires everyone – including government agencies – to follow a legal process. Often, a subpoena, court order or search warrant is needed to force Google to disclose user information.
However, there are emergency cases where Google will make exceptions and provide the data needed. These emergency cases are generally situations where the data is required to prevent death or physical harm to someone — cases involving kidnapping or bomb threats, for example. If a government agency provides an emergency request, it has to explain how the requested data might prevent the harm.
Law enforcement departments have multiple options to submit data requests, such as phone, mail, email. The most common however is the online Law Enforcement Request System (LERS).
Google law enforcement portal LERS
LERS is purely a system for law enforcement to submit legal requests. It does not give them access to your data.
If Google receives ECPA legal process for your account, you will be notified by email before any information is disclosed. You may not get notified when it is prohibited by law. Google provides delayed notice to users after a legal prohibition is lifted, such as when a statutory or court-ordered gag period has expired. When the account in question is an enterprise hosted account, the domain administrator may be notified, or the end-user, or both. Again, in emergency cases involving the potential danger of death or physical harm, Google might not notify you.
Because of Mutal Legal Assistance Treaties (MLATs) and other diplomatic and cooperative arrangements, agencies outside the U.S. can work through the U.S. Department of Justice to obtain evidence for legal investigations. Sometimes the U.S. Federal Trade Commission steps in to assist.
When U.S. law applies in the investigations, an agency within the U.S. may open its own investigation to gather evidence for the non-U.S. investigators. Again, Google may disclose data to user data requests from outside the U.S. in cases of emergency.
The data a non-U.S. agency may get from Google
If a non-U.S. agency follows a diplomatic process to obtain a U.S.-issued ECPA subpoena, court order or search warrant, Google will disclose the same data as if the request came directly from a U.S. agency. When Google honors the request, Google might disclose information such as Google or YouTube account registration information. This information usually includes a name, account creation information and associated email addresses as well as recent sign-in IP addresses and time stamps.
An MLAT is a treaty between the U.S and other countries that defines how countries will asist each other in legal matters like criminal investigations. Because of the MLAT, a foreign government can ask the U.S. government for help in gathering evidence from U.S. based companies such as Google. When the U.S. government supports the request, Google would respond to it.
The MLAT process is relatively simple. This hypothetical example from Google may explain it: A police officer in London is investigating a case of identity theft. The officer has evidence that the culprit has a particular Gmail account. To continue her investigation, the officer needs to know who the user is. Because there is an MLAT between the U.K. and the U.S., the officer can ask the U.K. Home Office to obtain information from the Office of International Affairs in the U.S. Department of Justice. The U.S. Department of Justice hands the request to the appropriate U.S. Attorney’s office, which works through U.S. legal process and serves the user data request to Google. If the request satisfies the law and Google’s policies, Google would give the information to the U.S. Attorney’s office. From there the data would be forwarded to the officer in the U.K.
Other ways for non-U.S. governments to get information
Besides MLAT, there are many ways for other countries to get information from companies like Google. Other ways are joint investigations between the U.S. and local law enforcement, emergency discloser requests and more.
You must be logged in to post a comment.