About Apple’s Transparency Report
We believe our customers have a right to understand how their personal data is managed and protected. Apple’s Transparency Report provides information regarding government requests for customer data.
We believe our customers have a right to understand how their personal data is managed and protected. Apple’s Transparency Report provides information regarding government requests for customer data.
Apple receives various forms of legal requests seeking information from or actions by Apple. We receive requests from governments globally where we operate and from private parties.
Government request circumstances can vary from instances where law enforcement agencies are working on behalf of customers who have requested assistance regarding lost or stolen devices, to instances where law enforcement are working on behalf of customers who suspect their credit card has been used fraudulently to purchase Apple products or services, to instances where an account is suspected to have been used unlawfully. Requests can also seek to preserve an Apple account, restrict access to an Apple account or delete an Apple account. Additionally, requests can relate to emergency situations where there is imminent harm to the safety of any person. Apple may also receive requests from government agencies seeking customer data related to specific latitude and longitude coordinates (geofence) for a specified time period. Apple does not have any data to provide in response to geofence requests.
Digital Content Provider government request circumstances generally relate to law enforcement investigations where a service or content (such as an app, music item, or podcast) is suspected to violate local law.
Private party request circumstances generally relate to instances where private litigants are involved in either civil or criminal proceedings.
Types of legal requests Apple receives from the United States can be: subpoenas, court orders, search warrants, pen register/trap and trace orders, or wiretap orders.
Types of legal requests Apple receives internationally can be: Production Orders (Australia, Canada), Tribunal Orders (New Zealand), Requisition or Judicial Rogatory Letters (France), Solicitud Datos (Spain), Ordem Judicial (Brazil), Auskunftsersuchen (Germany), Obligation de dépôt (Switzerland), 個人情報の開示依頼 (Japan), Personal Data Request (United Kingdom), as well as equivalent court orders and/or requests from other countries.
The restrictions imposed by the sanctions laws generally prohibit Apple from responding to requests from countries, territories or governments sanctioned by the U.S. Department of Treasury, with the exception of requests involving exempt informational material or where prior authorization has been secured.
The type of customer data sought in requests varies depending on the case under investigation.
Device requests generally seek information regarding customers associated with devices and device connections to Apple services, for example - law enforcement investigations on behalf of customers regarding lost or stolen devices.
Financial Identifier requests generally seek information regarding suspected fraudulent transactions - for example, law enforcement investigations on behalf of customers in which a credit card was fraudulently used to purchase Apple products or services.
Account requests generally seek information regarding customers’ Apple ID accounts, such as account holder name and address and account connections to Apple services - for example, law enforcement investigations where an account may have been used unlawfully. Account requests may also seek customers’ content data, such as photos, email, iOS device backups, contacts or calendars.
Push Token requests generally seek identifying details of the Apple Account associated with the device’s push token, such as name, physical address and email address - for example, law enforcement investigations where an account may have been used unlawfully.
Emergency requests relate to circumstances involving imminent danger of death or serious physical injury to any person, and generally seek information regarding customers’ connections to Apple services - for example, instances where law enforcement believe a person is missing and in danger.
Apple has a centralized and standardized process for receiving, tracking, processing, and responding to legal requests from law enforcement, government, and private parties worldwide, from when a request is received until when a response is provided.
Government and private entities are required to follow applicable laws and statutes when requesting customer information and data. If they do, we comply with the requests and provide data responsive to the request. If we determine a request does not have a valid legal basis, or if we consider it to be unclear, inappropriate and/or over-broad, we challenge or reject it.
Any U.S. government agency seeking customer content data from Apple must obtain a search warrant issued upon a showing of probable cause. International requests for content must comply with applicable laws, including the U.S. Electronic Communications Privacy Act (ECPA). A request under a Mutual Legal Assistance Treaty or Agreement with the U.S. is in compliance with ECPA.
We have a dedicated team available around the clock to respond to emergency requests. Apple process emergency requests from law enforcement globally on a 24/7 basis. An emergency request must relate to circumstances involving imminent danger of death or serious physical injury to any person. If Apple believes in good faith that it is a valid emergency, we may voluntarily provide information to law enforcement on an emergency basis.
Apple’s Transparency Report provides data on requests and responses in the following categories:
Worldwide Government Device Requests
Worldwide Government Financial Identifier Requests
Worldwide Government Account Requests
Worldwide Government Account Preservation Requests
Worldwide Government Account Restriction/Deletion Requests
Worldwide Government Push Token Requests
Worldwide Government Emergency Requests
US-UK Data Access Agreement: Investigatory Powers Act Requests from the UK
United States Government National Security Requests
United States Government Requests by Legal Process Type
Unites States Private Party Requests for Information
United States Private Party Requests for Account Restriction/Deletion
Worldwide Government Digital Content Provider Requests
Where Apple has received requests from countries/regions, the country/region will be listed in the corresponding transparency report period. Where a country/region is not listed in Apple’s Transparency Report, Apple has not received any requests from a government/law enforcement agency from that country/region.
Apple counts requests received from government agencies within the reporting period in which they are received. Overall numbers of requests and responses are reported.
A request with a valid legal basis is processed and responded to, and is counted as one request. A request that is challenged/rejected is counted as one request. Where new legal process is submitted to amend the request, it is counted as a new request. We count each request we challenge or reject for account, account restriction/deletion, emergency, digital content provider, and United States private party requests; and report these numbers accordingly.
We count the number of discernible devices, financial identifiers, accounts and/or push tokens specified in requests, and report these accordingly by type. If there are two identifiers for one device in a request, for example a Serial number and IMEI number, we count this as one device. If there are multiple identifiers for one account in a request, for example Apple ID, full name and phone number, we count this as one account.
Requests received from a foreign government pursuant to the Mutual Legal Assistance Treaty (“MLAT”) process, Clarifying Lawful Overseas Use of Data Act (“CLOUD”), or through other cooperative efforts with the United States government are included in Apple's Transparency Report. In instances where the originating country was identified, Apple counts and reports the request under the country of origin. In instances where the originating country was not identified, Apple counts and reports the request under the United States of America.
For United States-United Kingdom Data Access Agreement (CLOUD) Investigatory Powers Act warrant requests, Apple is required by law to delay reporting by 6 months and report the numbers in ranges of 500, pursuant to 2018 No. 349.
For United States National Security requests for customer information and data, we report as much detail as we are legally allowed. Apple reports national security requests received for Apple users/accounts (National Security Letters and orders received under FISA) within ranges permissible by law pursuant to the USA FREEDOM Act of 2015 (“USA Freedom”). Though we want to be more specific, these are currently the ranges and level of detail permitted under USA Freedom for reporting U.S. National Security requests.
For United States Government Requests by Legal Process Type reporting, where two types of legal process are combined in a single request, such as a search warrant with an incorporated court order, we record the request at the highest level of legal process and the request would be reported as a search warrant. An exception is where a pen register/trap and trace order is received; this is counted as a pen register/trap and trace order, notwithstanding that it may include a search warrant.
For United States Private Party request reporting, we count requests received from private parties within the reporting period in which they are received. Overall numbers of private party requests and responses are reported.
Push Token Requests
In Transparency Report Period July 1–December 31, 2022, Apple began reporting on Push Token Requests as a separate request category. Apple was only permitted to disclose information about Push Token requests starting in this report period. Prior to this, Push Token requests were included in Account and/or Device request tables.
Digital Content Provider Requests
In Transparency Report Period January 1–July 31, 2022, Apple began reporting on Digital Content Provider Requests.
United States Geofence Requests
In Transparency Report Period January 1–July 31, 2022, Apple began reporting on Geofence Requests received in the United States. Apple does not have any data to provide in response to geofence warrants.
Beginning with the 2022 calendar year, Apple publishes government App Store takedown requests in a dedicated App Store Transparency Report that includes data showing takedown demands by government entity and law cited. See https://www.apple.com/legal/more-resources/.
For Transparency Report periods July 1–December 31, 2018 through July 1–December 31, 2021, Apple reported on Government requests to take down Apps from the App Store in instances related to alleged violations of legal and/or policy provisions. See Apple Transparency Report pages: App Removal Requests - Legal Violations and App Removal Requests - Platform Policy Violations. Apple reported appeals received pursuant to such Government requests for Transparency Report periods July 1–December 31, 2019 through July 1–December 31, 2021.
Apple supports the spirit of the Santa Clara Principles as a starting point for further conversation about content moderation in general, and refinements that will benefit both users and platforms.
For Transparency Report Period January 1 - June 30, 2018 and subsequent reports, Apple has updated the reporting methodology we are utilizing for national security reporting. In order to report FISA non-content and content requests in separate categories, Apple is required by law to delay reporting by 6 months and report in bands of 500, pursuant to the USA FREEDOM Act of 2015.