GitHub Disclosed User Data in 84% of Government Requests

From January to June 2023, the IT project hosting platform GitHub received and processed 256 government requests for user data from around the world, according to the platform’s transparency report. These requests affected 550 user accounts.

“We carefully review all requests to ensure they comply with our policies and legal requirements, and we reject those that do not,” the service’s website explains.

In 216 out of 256 cases (84%), GitHub disclosed information:

“When disclosing information, we never provide private individuals’ content or personal data unless required by a search warrant. We also notify users when their information is disclosed in response to a legal request, unless prohibited by law or court order.”

Requests to Remove Content

In the first half of 2023, GitHub received 10 government requests to remove content, of which 7 were processed. Three of these requests, made under local law, came from Russia.

“GitHub sometimes receives government requests to remove content considered illegal in their jurisdiction. Where possible, we limit removal to only the jurisdiction where the content is illegal, and we publicly disclose official requests in our relevant repository,” states the GitHub Transparency Center.

Additionally, Russia submitted three more requests under GitHub’s Terms of Service. The United States submitted one request, India two, and Singapore one. GitHub’s Acceptable Use Policy covers areas such as user safety, copyright, and more.

DMCA, Automated Scanning, and Appeals

GitHub also processes requests under the U.S. Digital Millennium Copyright Act (DMCA). The platform received 1,086 DMCA-related notices.

GitHub uses automated scanning to detect abuses such as images of child sexual exploitation and abuse. Automated scanning identified two such cases, and staff submitted 12 reports to the National Center for Missing & Exploited Children.

GitHub accepts appeals regarding content removed by moderators. The platform hid 9,735 accounts, later reinstating 256 of them. Access was restricted to 4,151 accounts, with access later restored to 101. Additionally, 169 accounts were partially reinstated.