It's important to assist law enforcement when possible in order to uphold law and order within society. Some companies may encrypt information, which means they cannot share all information but they may still participate in legal obligations up until the point they're incapable of sharing information.
Continue reading to understand our use of end-to-end encryption and other security measures that may impact our ability to share data with law enforcement—or not, pending valid legal request.
Companies view data as an asset. Your data gives companies information they need to develop products, customize your website experience, and sell you products they know you will buy. The more they know about you, the better they will be able to predict what you will buy. Your information will help a company make money. Over time, there are those who have begun to question how much data 'should' companies have about each one of us. More importantly, what data are companies using and why?
Watch this video from our co-Founder, Joe Toscano's Ted Talk: Want to Work for Google? You Already Do.
Individuals have the right to correct any inaccurate or incomplete personal information about themselves. Businesses must make it easy for customers or subscribers to make this request and have it resolved without delay.
When a company collects personal information, individual consent or permission must be given to allow that company to collect, use and disclosure this information. Generally speaking, there are two types of consent an organization may obtain:
1) Explicit Consent (also known as express consent.) In this case, there needs to be clear, documented consent, given either verbally, written or through another form of digital attestation (for example, video or audio.) Disclosure of the purpose for which the data is being used must be made at that time. A common example: an individual subscribes to an email newsletter. When s/he will submits their information, they subsequently receive a link in their email to provide “explicit consent."
2) Implicit Consent (also known as indirect or inferred consent.) Individuals may voluntarily provide information to a company to collect and use the information for specific purpose(s) given at the time. For example, retailers may ask customers for implicit consent to send them emails so they can receive relevant offers.
For the most stringent privacy legislation—known as the GDPR—this means that the personal information must be freely given, consent must relate to a specific purpose, and the individual must fully understand why the data is being collected.
As easily as consent is granted by an individual, a company must make it just as easy to allow an individual to remove their consent or opt-out.
The short answer is that it depends, but probably not. The truth is it depends on the company.
Why? Data protection laws in the US are very fragmented. A small handful of states have decided to legally protect their citizens from the extractive model of most companies on the internet but many states have not. That doesn't mean that individual companies can't give you that right without being required to by law (like we do) but ultimately, at this point in history, it's up to the company's discretion unless the state or nation legally requires it out of them.
You can learn more about what rights you have in your state here: https://iapp.org/resources/article/state-comparison-table/
The short answer is that it depends. The first question is whether or not your state protects you at all. You can find out more here: https://iapp.org/resources/article/state-comparison-table/
If your state has legal requirements for companies to protect its citizens, time to respond to data request still varies and in most cases is not automated. Some states require companies to respond within 30 days, some give companies 45 days, some give 60 days.
The number of days is also dependent upon when the request is received. For example, if it took the company 10 days to get to your email, most companies then have the legally defined response days from the date the email was opened.
Lastly, a company may make an extension request that doubles the amount of time they have in order to respond. This varies across jurisdictions.
This is a tricky question that depends on where you live. The most common data rights being fought for are:
These rights are not guaranteed for everyone around the globe. For full detail as to what rights you have as a citizen of the United States, you can view the US State Comprehensive Privacy Law Comparison by the International Association of Privacy Professionals (IAPP).