Transparency Report Reporting Period: January 1, 2021 to June 30, 2021

Government Demands for User Data

In the Reporting Period, Mozilla received the following.

Legal Processes Received Data Produced
Search Warrants 1 0
Subpoenas 4 1
Court Orders 2 1
Wiretap Orders 0 0
Pen Register Orders 0 0
Emergency Requests 0 0
National Security Requests 1 0-249 0-249

Government Demands for Content Removal

In the Reporting Period, Mozilla received 0 government requests for content removal from our services.

Requesting Country Requests Received Data Produced
N/A 0 N/A

Trademark

In the Reporting Period, we received 4 Trademark Takedown Notices and 0 Counter Notices.

Mozilla Service Takedown Notices Counter Notices
Firefox Add-ons 4 0
Pocket 0 0
Other Services 0 0

Personal Data Requests

In the Reporting Period, we received 4,199 requests. *

Service Received
Mozilla 2,603
Pocket 1,596

* This number was corrected on January 7 2022, adding 280 requests for Mozilla that had been omitted because of an error.

Supplement

Legislative Reform

During the course of this reporting period, Mozilla continued its efforts to provide all of our users with strong privacy and security protections. Globally, we concluded our comment period for our deployment of DNS over HTTPS (DoH) and the Trusted Recursive Resolver (TRR) program within Firefox, including releasing the comments we received publicly. In response to feedback during the consultation, we also relaxed the blocklist publication requirement. On encryption, we responded to the public consultation for proposed changes in the ICT Act by the Government of Mauritius that would require users and ISPs to support breaking HTTPS on the internet for content blocking. In response to widespread pushback from industry and civil society, the government of Mauritius distanced itself from the proposal and said it would reevaluate (French, translated) the idea.

In India, we submitted our comments on the second public consultation held by the Ministry of Electronics and Information Technology (MeitY) on the draft report on non-personal data regulation. Our submission applauded the positive changes from the first draft but also highlighted the need to mitigate risks to privacy, clarify community data, and pass a comprehensive data protection law. We also highlighted how India’s new intermediary liability rules will harm the open internet, focusing on the weakening of encryption due to traceability requirements.

Building on our work towards a more privacy preserving ads-based ecosystem, we submitted comments to the UK’s Competition and Markets Authority (CMA) on their public consultation on Google’s commitments on it’s Chrome Privacy Sandbox, advocating for improved privacy properties prior to wide scale deployment. In the African continent, we continued to advocate for strong data protection practices in the region while also serving as the trusted entity to coordinate and manage pooled resources for technical and operational support to assist the Africa Network of Data Protection Authorities. By deepening the understanding of Data Protection Authorities through collaborative capacity building, we are strengthening an initial network of over 20 DPAs across the region for enforcement of privacy and data protection, as well as sustained ethical data protection practices that can inform and shape the future of data protection across the region. In the United States, we applauded the U.S Supreme Court's decision to limit the scope of the “exceeding authorized access” provision in the Computer Fraud and Abuse Act’s (CFAA), following up on the amicus brief we submitted in July 2020.

Underscoring our longstanding thought leadership in this space, we once again supported the Computer, Privacy, and Data Protection conference as a premier sponsor. CPDP is the leading European conference on the policy and legal dimensions to data protection and privacy, and attracts thousands of attendees each year. In addition to sponsoring the conference, we organised our own high-level panel discussion that featured current and former tech regulators (that included Mozilla’s Director for Africa Mradi, Alice Munyua), while our Chief Security Officer, Marshall Erwin, spoke on a panel on ad tracking that also featured Apple CEO Tim Cook.

Voluntary Threat Indicators & Data Disclosures

Type of Disclosure Number of Disclosures
Cybersecurity Threat Indicator 0
Other Specific User Data Disclosure 2*

* Information about possible child sexual exploitation can be voluntarily reported by anyone to the National Center for Missing & Exploited Children’s (NCMEC) CyberTipline. We take this issue seriously. In the Reporting Period, Mozilla disclosed Specific User data to the NCMEC in connection with content that was uploaded to a Mozilla service and implicated child sexual exploitation.