Requests for
User Data

Jan – Jun 2016

Total User Data Requests

Jan – Jun 2016

Percentage of Times Information Produced

Freedom of speech is essential to the Wikimedia movement—our projects cannot flourish in an ecosystem where individuals cannot speak freely. Our users trust us to protect their identities against unlawful disclosure, and we take this responsibility seriously.

However, every year, governments, individuals, and corporations ask us to disclose user data. Often, we have no nonpublic information to disclose because we collect little nonpublic information about users and retain that information for a short period of time. But when we do have data, we carefully evaluate every request before considering disclosure. If the requests do not meet our standards—if they are overly broad, unclear, or irrelevant—we will push back on behalf of our users.

If we must produce information due to a legally valid request, we will notify the affected user before we disclose, if we are legally permitted and have the means to do so. In certain cases, we may help find assistance for users to fight an invalid request.

Below, you will find more information about the requests for user data we receive.

We need to codify our values and build consensus around what we want from a free society and a free Internet. We need to put into law protections for our privacy and our right to speak and assemble.

Jan – Jun 2016

Total User Data Requests 13
Informal non-government requests 7
Informal government requests 6
Civil subpoenas 0
Criminal subpoenas 0
Administrative subpoenas 0
Search warrants 0
Court orders 0
National security requests 0
Information produced 0

Jan – Jun 2016
User accounts affected

User accounts potentially affected 14
User accounts actually affected 0
User accounts notified 0

Type of information requested

We divide the requests we receive by the type of information requested: “content” or “non-content.”

Most content information on the Wikimedia projects is the public content of articles and project pages; “non-content” information refers to information such as IP addresses or user agent information. The distinction comes from the Electronic Communications Privacy Act, or ECPA. Please see our FAQ for more information.

Jan – Jun 2016

Content requests

Jan – Jun 2016

Non-content requests

Compared to other companies, we received relatively few requests*

Total requests

Requests where information was produced


Due to the inconsistent release dates across different organizations, comparison data for the period covered by this report (January 2016 - June 2016) was not available, so we are presenting the comparison data above for July 2015 - December 2015. Please also note that figures for Wikimedia include additional types of requests for user data that are not included in the other organizations' figures. See the FAQ for more details.

Requests for user data, and how we responded

Request TypeShow All

Information Produced?






By CountryShow All

Jan – Jun 2016
Government requests breakdown

Informal Government Requests Total 6
Australia State police 1
France Local police 1
Germany Local police 1
India Local police 1
Italy Judicial police 1
United Kingdom Politicians, candidates, & political parties 1

Jan – Jun 2016

Total number of disclosures

Emergency Disclosures

We report two types of emergency disclosures, which happen on rare occasions. First, the Electronic Communications Privacy Act provides an expedited process for law enforcement to request user data from websites in cases of immediate threat to life or limb. Such requests are also addressed in our Requests for User Information Procedures & Guidelines and Privacy Policy. Second, we proactively contact the authorities when we become aware of troubling statements on the projects, such as suicide threats or bomb threats. We take these statements seriously and assess each one individually, contacting law enforcement as appropriate to help resolve the issue.

The stories below are real. They are also meant to be illustrative of the kinds of situations that would warrant a possible emergency disclosure of user information. Please note that these specific stories may not have occurred during the precise time frame that this transparency report covers. Some variables, such as the privacy of our users, may require our postponing the reporting of certain stories.

A Deadly Threat

The community shares threats with the Foundation when they find them. When an anonymous poster made an alleged bomb threat, we found that the edit was made from an IP address that was near the apparent threat location. As permitted by our privacy policy, we alerted local police, passing on the IP address and details we had about the threat. The police informed us they had located and arrested the person in question, who allegedly had weapons available and reportedly confessed.

Revealing Presidential Threats

On rare occasions we discover threats against public figures. This is uncommon, but something that happens on large websites. An individual had made specific, graphic threats against President Barack Obama. This is contrary to our policies, and against U.S. law. In cases of potential serious harm to a person, our Privacy Policy allows us to disclose relevant information. We immediately took action, reporting the user’s IP address, user agent information, and email address to the United States Secret Service.

Dealing with Suicide

Authorities advise contacting emergency services when a loved one threatens suicide. When someone shared what appeared to be a credible intent to commit suicide, we notified their local police department. The person was able to get medical help, and later let us know they were okay. If you are considering suicide, please seek out a mental health professional immediately. You can also contact emergency services; visit an emergency room or psychiatric walk-in clinic; or call a suicide prevention hotline.

Emergency disclosures by type