Government Requests for User Data
Fiscal Year 2023
(December 2022 - November 2023)
Last Updated: February 14, 2024
Overview
Adobe, like all hosted service providers disclose user data in response to government requests n accordance with applicable law and our General Terms of Use. Since 2014, we have published this report annually to promote transparency and accountability for Adobe’s practices and policies, and for the legal process (“requests” or “legal requests”) we receive from governments around the world.
Our Policies and Process
Every request we receive is carefully reviewed by the Adobe Trust & Safety team to ensure that the relevant government agency is entitled to the data they seek with the type of process they have obtained.
Enterprise Customer Data: The overwhelming majority of requests to Adobe seek individual user data. In the rare instance where Adobe receives a request targeting disclosure of enterprise customer data, consistent with U.S. Department of Justice policy, Adobe always seeks to redirect the government agency to obtain the data directly from the enterprise.
Notice: Our law enforcement guidelines include providing advanced notice to the targets of a legal request unless we are legally prohibited from doing so by a nondisclosure order. When we can’t provide advanced notice because of a time-limited nondisclosure order, we provide notice to the user whose information was disclosed when the nondisclosure provision expires. Ultimately, we provide notice for all requests.
Sometimes, Adobe receives nondisclosure orders that are permanent (i.e., they expressly never expire) or indefinite (i.e., they say they will expire 'on further order of the court'). Permanent or indefinite gag orders are unconstitutional prior restraints on speech, and we challenge them in court.
No Backdoors: Adobe has not built ‘backdoors’ for any government – foreign or domestic – into our products or services. All government requests for user data need to come through the front door (i.e., by serving valid legal process upon the appropriate Adobe entity). Adobe vigorously opposes legislation in the U.S. and overseas that would in any way weaken the security of our products or our users’ privacy protections.
More information on our law enforcement guidelines, including how to serve us with legal process, can be found here.
This report includes the following information on all the government requests we’ve received over the course of our fiscal year 2023 (“FY 2023”):
(1) A breakdown of the requests and how we responded
(2) The products and services to which they relate
Notable Insights
Over the years, the total number of requests for data Adobe has received has remained relatively low compared to other hosted service providers.
Most of the legal process we have received are related to online child safety and financial fraud investigations:
- 27% (54 out of the 197 total requests we received) of legal requests from the last fiscal year were follow-ups to CyberTips we’ve sent to the National Center for Missing and Exploited Children (read more on Adobe’s commitment to child safety here)
- 28% (56 out of the 197 total requests we received) related to investigations of possible fraudulent purchases of Adobe’s goods or service
- 75% (42 out of 56 fraud requests received) where some data was disclosed through voluntary disclosures, to which Adobe is also the victim of a fraudulent purchase.
National Security Requests: To date, Adobe has not received any form of national security process, such as a National Security Letter (NSL) or Foreign Intelligence Surveillance Act (FISA) order. For a more detailed breakdown of our requests, see the “Metrics” section below.
|
|
Number of requests |
Number of accounts subject to request |
Number of accounts some data was provided |
|---|---|---|---|
|
Hungary |
1 |
0 |
0 |
|
Czech Republic |
1 |
1 |
0 |
|
France |
3 |
4 |
1 |
|
Germany |
53 |
46 |
37 |
|
India |
1 |
0 |
0 |
|
Ireland |
2 |
1 |
1 |
|
Italy |
1 |
1 |
0 |
|
Luxembourg |
1 |
0 |
0 |
|
Poland |
2 |
1 |
0 |
|
Serbia |
1 |
1 |
0 |
|
South Korea |
6 |
4 |
4 |
|
Spain |
9 |
8 |
4 |
|
UK |
3 |
2 |
0 |
|
Total |
84 |
69 |
47 |
U.S. Requests
Type of request |
Number of requests |
Number of accounts subject to request |
Number of accounts some data was provided |
|---|---|---|---|
|
Subpoena |
53 |
85 |
83 |
|
Court order |
5 |
93 |
93 |
|
Search warrant |
53 |
68 |
61 |
|
Imminent harm |
2 |
1 |
1 |
|
Total |
113 |
247 |
238 |
Nondisclosure orders ("NDOs")
Adobe's response |
Rationale |
Number of NDOs |
|---|---|---|
|
NDOs accepted |
Time-limited NDOs (no push-back/objection needed) |
76 |
|
Time-limited after we objected |
5 |
|
|
NDOs rejected |
Nondisclosure removed altogether after our objections |
18 |
|
Request withdrawn (no data provided) due to pushback on indefinite nondisclosure |
0 |
|
|
Total NDOs received |
81 |
Government requests by service |
Number of requests |
|
Adobe ID or Adobe Subscriptions |
187 |
|
Creative Cloud |
1 |
|
Photoshop |
1 |
|
Lightroom |
1 |
|
Sign |
3 |
|
Unable to identify a user* |
3 |
|
Total |
197 |
*If we are unable to find an account associated with an identifier, then we cannot tie the request back to any specific product