Freedom of speech is essential to the Wikimedia movement—the projects cannot flourish in an ecosystem where individuals cannot speak freely. Our users trust us to protect their identities against unlawful disclosure, and we take this responsibility seriously.
However, every year, governments, individuals, and corporations ask us to disclose user data. Often, we have no nonpublic information to disclose because we collect little nonpublic information about users and retain that information for a short period of time. But when we do have data, we carefully evaluate every request before considering disclosure. If the requests do not meet our standards—if they are overly broad, unclear, or irrelevant—we will push back on behalf of our users.
If we must produce information due to a legally valid request, we will notify the affected user before we disclose, if we are legally permitted and have the means to do so. In certain cases, we may help find assistance for users to fight an invalid request.
Below, you will find more information about the requests for user data we receive.
This report covers requests we received between July and December, 2024. For historical data, please see our past reports.
| User accounts potentially affected | 33 |
| User accounts actually affected | 4 |
| User accounts notified | 5 |
Type of information requested
We divide the requests we receive by the type of information requested: “content” or “non-content.”
Most content information on the Wikimedia projects is the public content of articles and project pages; “non-content” information refers to information such as IP addresses or user agent information. The distinction comes from the Electronic Communications Privacy Act, or ECPA. Please see our FAQ for more information.
Origination of user information requests
| Country | Requests | Partially Complied | Fully Complied |
|---|---|---|---|
| Belgium | 1 | 0 | 0 |
| Brazil | 1 | 0 | 1 |
| Canada | 1 | 0 | 0 |
| Egypt | 1 | 0 | 0 |
| France | 2 | 0 | 0 |
| Germany | 2 | 0 | 0 |
| Greece | 1 | 0 | 0 |
| India | 2 | 1 | 0 |
| Japan | 1 | 0 | 0 |
| The Republic of South Korea | 1 | 0 | 0 |
| Russian Federation | 1 | 0 | 0 |
| Sweden | 1 | 0 | 0 |
| Taiwan | 1 | 0 | 0 |
| United States of America | 6 | 0 | 0 |
| Unknown | 1 | 0 | 0 |
Comparison of user information requested and granted
Compared to other companies, we received relatively few requests, and granted relatively low percentages.*
| Entity | Requests | Granted | % Granted |
|---|---|---|---|
| 1,409 | 746 | 53% | |
| 236,520 | 193,946 | 82% | |
| Meta | 323,846 | 248,713 | 76.8% |
| X | 18,737 | 9,897 | 52.82% |
| Wikimedia | 26 | 2 | 7.69% |
* Due to the inconsistent release dates across different organizations, comparison data for the period covered by this report (July 2024–December 2024) was not available, so we are presenting the comparison data above for January 2024–June 2024. Please also note that figures for Wikimedia include additional types of requests for user data that are not included in the other organizations’ figures. See the FAQ for more details.
User information: government requests
| Informal government requests | Government body | Requests |
|---|---|---|
| Belgium | City Police | 1 |
| Greece | Cyber Police | 1 |
| France | Judicial Police National Police | 1 1 |
| Sweden | Regional Police | 1 |
| Taiwan | State Agency | 1 |
| India | Cyber Police | 1 |
| Search warrants | Government body | Requests |
|---|---|---|
| The Republic of South Korea | District Police | 1 |
User information: emergency disclosures
We report two types of emergency disclosures, which happen on rare occasions.
First, the Electronic Communications Privacy Act provides an expedited process for law enforcement to request user data from websites in cases of immediate threat to life or limb. We call these “emergency requests”. Such requests are also addressed in our Requests for User Information Procedures & Guidelines and Privacy Policy.
Second, we proactively contact the authorities when we become aware of troubling statements on the projects, such as suicide threats or bomb threats. We take these statements seriously and assess each one individually, contacting law enforcement as appropriate to help resolve the issue. We call these “voluntary disclosures”.
Voluntary disclosures
| Terrorist threats | 4 |
| Suicide threats | 1 |
| Individual threats | 19 |
Emergency requests
| Emergency requests | 1 |
User information: preservation requests
Occasionally, we receive a preservation request from the U.S. government under the Electronic Communications Privacy Act. A preservation request is an order to retain information that would otherwise be deleted, anonymized, or aggregated within 90 days, according to our Data Retention Guidelines. If we receive one of these requests, we are legally required to retain the specific information indicated. However, we will not turn this information over to the requesting party unless they subsequently follow our Requests for User Information Procedures & Guidelines, and obtain a legal order, such as a subpoena or warrant, for the information in question.
Here, we provide the number of new preservation requests we received during the period covered by this report.
Photo credits
TR-2024-2-requests-for-user-information
Wikimedia Foundation
TR-2024-2-Map-origination-of-user-information-requests
Wikimedia Foundation
TR 2024-2-Comparison circles of user information requested and granted
Wikimedia Foundation
TR 2024-2-User information voluntary and emergency disclosures
Wikimedia Foundation