Transparency Report Reporting Period: January 1, 2022 to June 30, 2022

Government Demands for User Data

In the Reporting Period, Mozilla received the following.

Legal Processes Received User Data Produced
Search Warrants 0 0
Subpoenas 4 1
Court Orders 0 0
Wiretap Orders 0 0
Pen Register Orders 0 0
Emergency Requests 0 0
National Security Requests 1 0-249 0-249

Government Demands for Content Removal

In the Reporting Period, Mozilla received 1 government request for content removal from our services.

Requesting Country Requests Received Items Removed Items Geographically Restricted
Brazil 1 0 2

Takedown Requests

In the Reporting Period, we received five Copyright Takedown Notices and one Counter Notice.

Mozilla Service Takedown Notices Counter Notices Items Removed
Firefox Add-ons 5 1 4
Pocket 0 0 0
Other Services 0 0 0

Trademark

In the Reporting Period, we received nine Trademark Takedown Notices and one Counter Notice (note that takedown notices can target more than one item).

Mozilla Service Takedown Notices Counter Notices Items Removed
Firefox Add-ons 8 1 68
Pocket 1 0 1
Other Services 0 0 0

Other Content Removal Requests

In the Reporting Period, we received two content removal requests from private actors (i.e. companies or individuals) based on grounds other than copyright or trademark.

Mozilla Service Takedown Notices Counter Notices Items Removed
Firefox Add-ons 2 0 7
Pocket 0 0 0
Other Services 0 0 0

Personal Data Requests

In the Reporting Period, we received 10,716 requests.

Service Received
Mozilla 7,842
Pocket 2,874

Targeted Advertising Disclosures

In the Reporting Period, and during the time we started targeted advertising, we have placed the following targeted advertisements.

Mozilla

Firefox

Mozilla VPN

Pocket

Mozilla Foundation Ads

Issue Advertising

Supplement

During the course of this reporting period, Mozilla continued its efforts to provide our users with strong privacy and security protections through public policy engagements. In the European Union, we ramped up our work on the eIDAS legislation, which threatens web security by placing a ceiling on the security standards. This included delivering a technical briefing to the European Parliament, engaging with civil society allies, and launching a public campaign to drive awareness of the risks posed by the issue. We also published an open letter by 38 cybersecurity experts that highlighted the flaws with Article 45 and which received significant attention. We also held a workshop for Mozilla’s OpenDoTT Fellows on website security and the various interventions we’ve led around the world in Kazakhstan, Mauritius, and Europe on defending our root store programs. We once again supported the Computer, Privacy, and Data Protection conference as a premier sponsor. In addition to sponsoring the conference, we organised our own panel discussion on privacy preserving advertising, which also received media coverage. We also continued our work on advertising transparency in the Digital Services Act (DSA) and the EU Code of Practice on Disinformation.

In the United States, we testified at a US Congressional hearing on privacy; we published a blog post detailing the testimony. In close coordination with allies, we also engaged on ad transparency and researcher access with the Federal Trade Commission (FTC) and Congress. In the United Kingdom, we continued our work on privacy preserving advertising and mitigating online tracking via submissions and conversations with the Competition and Markets Authority (CMA) and the Information Commissioner's Office (ICO). In India, we were quoted in the Financial Times on contact tracing apps and the risks they pose to civil liberties, based on our previous work on India’s contact tracing app and its open sourcing. We also engaged on India’s CERT-In regulations surrounding vastly expanded data retention requirements for VPN service providers. In the Philippines, our outreach (working closely with the community) played a role in the vetoing of the SIM Card Registration Act which mandated that ‘social media platforms’ (which were very vaguely defined) verified the identity of real world users. In the African continent, we also ramped up our Lean Data Practices work by taking our online course to new audiences from the startup ecosystem.

Voluntary Threat Indicators & Data Disclosures

Type of Disclosure Number of Disclosures
Cybersecurity Threat Indicator 0
Other Specific User Data Disclosure 0