Search

WordPress.com Transparency Report – Jul – Dec 2021

Download Full Report

Chapters

Government Information Requests

Summary

WordPress.com routinely receives requests for information about our users from government agencies around the world. In emergency cases, when permitted by law, we may voluntarily disclose limited user data. In all other cases, we do not voluntarily grant government agencies access to user data for law enforcement, intelligence, or surveillance purposes. We will only disclose user information in response to valid legal process, issued by a U.S. authority. The scope of user information disclosed is dependent on the type of legal process received. For more information on our requirements for information requests, please see our legal guidelines.

Evaluating Government Information Requests 

We will disclose user information only in response to valid legal process such as a subpoena, search warrant, or court order issued by a U.S. authority, in accordance with the Federal Rules of Criminal Procedure, the Federal Rules of Civil Procedure, and/or California state law.

We carefully review all legal process we receive to ensure it is complete and valid. We are unable to process overly broad or vague requests for information. The request must specifically include identifying information such as the relevant URL, email address, or username at issue. For more information on our requirements for information requests and what data may be disclosed, please refer to our legal guidelines.

Additionally, if a request or inquiry highlights a potential violation of our policies or Terms of Service, we will review it in accordance with our standard enforcement procedures. 

Emergency Requests

As permitted by US law, we may voluntarily disclose user information to government or law enforcement agencies if we have a good faith belief that there is an emergency involving imminent danger of death or serious physical injury which requires disclosure of information related to the emergency without delay

For detailed information about emergency requests, and how an emergency request can be submitted, please refer to our legal guidelines.

User notification

It is our policy to notify users, and provide them with a copy of any legal requests regarding their account or site (including formal requests for private information), unless we are prohibited by law or a court order from doing so.

You can learn more about our policies and procedures for handling government, and private information requests in our legal guidelines.

CountryNumber of requestsPercentage of requests where some or all information was producedNumber of accounts specified
Argentina10%1
Australia10%1
Austria10%1
Brazil10%1
Chile10%1
France60%5
Germany20%2
India8*0%9
Italy30%4
Poland20%2
United Kingdom10%1
United States26*92%46
Total53**45%74
* Includes valid emergency requests if any were received during this period.
** Includes information provided when a valid MLAT request has been made.
SubpoenasCourt ordersSearch warrantsWiretap ordersPen register ordersEmergency requests
81%0%15%0%0%4%
Please note that percentages may not add up to a total of 100% due to rounding.

Recent Examples

Here are a few recent examples of requests for user information that we received from government sources. We did not provide information in response to any of these requests.

France

  • A police department in France requested detailed information about the author of a site critical of the mayor of local municipality, and the alleged mismanagement of public services stating it was “defamation towards individuals.” No valid legal process was provided.

India

  • A police department in India requested the takedown of a site, and detailed information about the author who had published allegations of fraudulent activity within the Indian antique business. They stated it could “spoil the reputation” of a company and its CEO. No valid legal process was provided.

Italy 

  • A police department in Italy requested detailed information about the authors of multiple posts, published on multiple sites, containing conjecture about the romantic attachments of an Italian actress to a Chilean-American actor, an Italian actor, and an Italian tennis player. They provided no additional explanation and no valid legal process.

Next Chapter

Government Takedown Demands

Government Takedown Demands

Summary

WordPress.com routinely receives content removal requests from governments and law enforcement agencies worldwide. These requests may allege that the reported content is in violation of local law(s), or the agency may ask us to review the reported content against WordPress.com policies or Terms of Service. The Transparency Report contains data on all government agency removal requests for each 6 month period.

Evaluating Government Takedown Requests 

We carefully review all government takedown requests, and are unable to process overly broad or vague requests. Court orders must be submitted in accordance with our legal guidelines, and takedown requests must clearly identify the content in question.

We first review any reported content in accordance with our policies or Terms of Service. The percentage of requests where content was removed does not include cases where content was removed for violating our policies or Terms of Service

We do not remove reported content if it does not violate our policies or Terms of Service, however we may restrict content where it is alleged to be in violation of local law(s). See the Content Restrictions section below for more information. 

Content Restrictions 

When we receive a government-mandated demand or order to block access to content in a country due to alleged violation of local law(s), but the content does not breach WordPress.com policies or Terms of Service, we may geographically restrict access to that content for users and visitors with IP addresses originating from that country. For more details about takedown demands that result in geoblocking, see our country blocks page.

Where content has been geographically restricted, we provide users of the affected URL or site with a notification that the content has been restricted, the impacted country, and the authority that requested the content block.

CountryCourt ordersRequests from government agencies or law enforcementNumber of sites specifiedPercentage of requests where content was removed due to a violation of our policiesPercentage of requests where content was removed solely in response to the demand
Australia02350%0%
France06550%0%
Germany0220%0%
India04425%0%
Italy0110%0%
Japan0110%0%
Mexico0110%0%
Netherlands0110%0%
New Zealand011100%0%
Pakistan171125%25%
Poland012100%0%
Republic of Korea02250%0%
Russia01368454%32%
Spain0110%0%
Turkey2102124%48%
United Kingdom0110%0%
United States22525%25%
Total2416914647%29%

For demands that come from Pakistan, Russia, and Turkey, we geoblock the specific content or site(s) at issue, so that WordPress.com remains otherwise accessible in the country. You can read a bit more about our approach to those kinds of takedown demands here.

Recent Examples

Here are a few recent examples of takedown demands that we received:

United States

  • A representative of the State of Alaska requested we takedown a site that has content alleging state trooper corruption.

Russia

  • The Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (ROSKOMNADZOR) demanded the removal of a post about freestyle soccer balls from a personal blog site.

Pakistan

  • The Pakistan Telecommunication Authority demanded the removal of a post from a site that contains content critical of the Pakistani government.

 

Next Chapter

Intellectual Property

Intellectual Property

Our staff carefully reviews each DMCA takedown notice we receive, for accuracy and validity, before content is removed. Each notice may cover more than one site and/or piece of content. Some notices identify dozens of allegedly infringing materials. In the future, we’ll aim to provide more specific data on the number of sites affected and items removed.

We forward formally complete DMCA takedown notices to users, regardless of whether or not we decide to remove content.

You can learn more about our process for reviewing and acting on copyright complaints here, and about how to correctly submit a DMCA complaint or counter notice here.

MonthTotal notices receivedPercentage of notices where some or all content was removedPercentage of notices rejected as incompletePercentage of notices rejected as abusiveCounter notices received
July66616%78%6%0
August65129%67%3%6
September65822%71%6%4
October46221%74%5%2
November61913%82%5%1
December51122%74%5%0
Total3,56720%74%5%13

Notes

  • The table above indicates the number of copyright infringement notices we received during each month of the reporting period. Each notice may cover more than one site and/or piece of content. Some notices identify dozens of allegedly infringing materials. In the future, we’ll aim to provide more specific data on the number of sites affected and items removed, as those numbers are substantially greater and more accurately represent the impact of DMCA notices than the number of individual notices received.
  • The “percentage of notices where some or all content was removed” includes those notices which were formally complete, but the site was suspended for a separate violation of the WordPress.com Terms of Service and/or User Guidelines. (Spam or “warez” sites, for example.) If we counted these as rejected notices, the “percentage of notices where some or all content was removed” would be much lower.
  • Before taking action, we carefully review each notice to ensure it’s formally complete, and includes all information required by the DMCA. Notices that don’t meet the requirements of the statute are included in “notices rejected as incomplete.”
  • We also may decline to remove content if a notice is abusive. “Abusive” notices may be formally complete, but are directed at fair use of content, material that isn’t copyrightable, or content for which the complaining party misrepresents ownership of a copyright. You can see some examples of notices we’ve rejected on grounds of abuse in our Hall of Shame.
  • We forward all formally complete notices to users, regardless of whether we process them.
  • Under the DMCA, a user can formally challenge a notice of copyright infringement by submitting a counter notice. When we receive a counter notice, we forward a copy to the individual who submitted the original DMCA notice, then restore access to the content if no further action is taken. During this reporting period, only 1.78% of the valid DMCA notices we received were later subject to a counter notice.

Top Complainants (Jul – Dec 2021)

Reporting OrganizationsNumber of Notices
Comeso GmbH2,368
RightsHero264
Attributor259
DMCA Pro214
DMCA Force145
Aiplex139
Axghouse90
MarkScan76
Group-IB63
Red Points62

Notes

  • The numbers above represent the total notices submitted by different organizations over the relevant period. These are grouped by the originating e-mail address. While we do our best to group complainants together, the total number of notices submitted per copyright holder may be greater than shown above if multiple e-mail addresses were used for the submissions. Notices received may be sent on behalf of a number of different copyright holders utilizing a shared third party agent, and relate to a number of different websites.
  • We receive duplicate notices from multiple “Top Complainants” targeting previously assessed or removed content. The duplicate notices have been counted towards the total of incomplete notices.
  • The totals reflected here for Comeso GmbH may not be represented with a high degree of accuracy. This is due to the inordinate volume of duplicate notices and followups received from them, targeting previously assessed or removed content.

Trademark

Our staff carefully reviews each trademark complaint we receive, for accuracy and validity, before content is removed. Each notice may cover more than one site and/or piece of content. Some notices identify dozens of allegedly infringing materials. In the future, we’ll aim to provide more specific data on the number of sites affected and items removed.

We forward substantive trademark complaints to users, regardless of whether or not we decide to remove content.

You can learn more about how to correctly submit a trademark complaint here.

MonthNumber of notices receivedNumber of notices where some or all content was removedPercentage of requests where some or all content was removed
July70811%
August881416%
September841012%
October10066%
November17185%
December13243%
Total645508%

Notes

  • Unlike the DMCA for copyright infringement, there isn’t a statutory prescribed process for notice/take-down of alleged trademark infringement, nor is there a statutory safe harbor for hosting alleged trademark infringement.
  • For each report of trademark infringement we receive, we evaluate whether or not the trademark is used in an infringing manner.
  • Simply referencing a company, brand, product, or service in a WordPress.com post does not constitute infringement. Anyone is free to use a trademark if it’s necessary to identify a company, brand or product for the purposes of criticism or commentary.
  • Most of the infringement allegations we see are from trademark owners attempting to censor a user’s comments or criticisms of their brands or companies. We reject these complaints and forward them on to users so that they can make fully informed decisions regarding the content.
  • “Percentage of requests where some or all content was removed” does not include cases where content was removed for violating our Terms of Service. For example, after viewing the site, we may remove it for reasons relating to spam regardless of the validity of the trademark claim.
  • Unique complainants are grouped by the complainant’s e-mail address, and so the total number of notices submitted per unique trademark may differ.

Next Chapter

National Security

National Security

The table below summarizes the National Security Requests we received during the six-month periods between January 1, 2010 – Dec 31, 2021. “National Security Requests” include National Security Letters and FISA court orders.

Six-month period National Security Requests receivedUser accounts affected
2021: Jul 1 – Dec 31None.None.
2021: Jan 1 – Jun 30None.None.
2020: Jul 1 – Dec 31None.None.
2020: Jan 1 – Jun 30None.None.
2019: Jul 1 – Dec 311-2491-249
2019: Jan 1 – Jun 30None.None.
2018: Jul 1 – Dec 31None.None.
2018: Jan 1 – Jun 30None.None.
2017: Jul 1 – Dec 31None.None.
2017: Jan 1 – Jun 30None.None.
2016: Jul 1 – Dec 310-2490-249
2016: Jan 1 – Jun 30None.None.
2015: Jul 1 – Dec 31None.None.
2015: Jan 1 – Jun 30None.None.
2014: Jul 1 – Dec 31None.None.
2014: Jan 1 – Jun 30None.None.
2013: Jul 1 – Dec 31None.None.
2013: Jan 1 – Jun 301-2495-249
2012: Jul 1 – Dec 312-2499-249
2012: Jan 1 – Jun 30None.None.
2011: Jul 1 – Dec 31None.None.
2011: Jan 1 – Jun 30None.None.
2010: Jul 1 – Dec 31None.None.
2010: Jan 1 – Jun 302-2492-249

We are pleased to report that we received no National Security Requests in 2011, 2014–2015, 2017–2018, and 2020–2021.

For other periods, we don’t think the disclosures allowed by current Justice Department rules allow us to paint a truthful picture. Reporting National Security Requests in bands of 250 obfuscates rather than clarifies the volume of National Security Requests we and other small tech companies receive. While the disclosure regime may work well for larger companies with a high volume of requests (like the ones that worked with the Justice Department to craft these rules), they do not work well for smaller companies like Automattic.

Twitter’s (now known as X) 2014 lawsuit against the Justice Department — to disclose full, truthful information about the number of National Security Requests they received — was dismissed in 2020. However, we fully agree with their position in this lawsuit and joined with other companies to file this amicus brief to support their case.

By preventing us from sharing a more precise number of requests, the current disclosure rules diminish the trust that our users place in us and our services. For now, we are disclosing the maximum amount of information allowed by law.

It is our policy to invoke the “reciprocal notice” procedure in 18 U.S.C. § 3511 for any National Security Letters (NSLs) served on Automattic. This process ensures that a court will review all nondisclosure restrictions issued with NSLs we may receive. If and when a nondisclosure restriction is lifted, our policy is to share the contents of the NSL with any affected users (where possible), and publish a redacted version of the NSL.

In 2017, we shared some information about the process we followed to lift the nondisclosure restrictions associated with five NSLs received in previous years and provided copies of our correspondence with the government on this subject here. We hope this information will be useful to other companies who may wish to take advantage of the legal options that are currently available to challenge NSL nondisclosure orders.

Based on our correspondence with the U.S. government, we’ve developed a form reciprocal notice request here in Google Docs format. If your company has received an NSL in the past, and you would like the government to review the letter’s nondisclosure requirement, this form may be useful to you.

Next Chapter

Privacy Reports

Privacy Reports

The information below represents the number of requests we have received from users exercising their privacy rights between July 1, 2021 and December 31, 2021. We honor users’ requests to access the data we have collected about them, to delete data we have collected about them, and to opt out of having their data sold (through the operation of our advertising program).

Access Requests

Notes

  • Automattic honors Access Requests received from any source or location. It does not restrict Access Requests to individuals residing in the EU or California. Automattic has never denied an Access Request from one of its users.
  • We do not require individuals who submit Access Requests to disclose their location as part of their request. The geographic numbers reported above are our best guess as to which region/law a request is submitted under.

Deletion Requests

Notes

  • The deletion of data is tied to our account closure process, which is always self-service and can only be triggered by the logged in account owner or administrator. Because the process is self-service, we do not have data on the full number of users who desired to delete their personal information from our service. The above numbers only represent the total number of deletion requests opened privately with our support team.
  • Because deletion is self-service, Automattic does not deny deletion requests for any verified and logged in account owners. Deletion requests submitted to support are occasionally denied when an individual has lost access to their account and is unable to verify their ownership.
  • Automattic vigorously defends the speech rights of its site owners. We do not honor deletion requests submitted by third parties in an attempt to censor the content published on our service unless the content is found to violate our Terms of Service. We will, upon request of the third party, pass complaints on to site owners (who are the controllers of the data published on their own site).
  • When an account is closed we retain the account data for 30 days, then fully purge it from our systems. For this reason, the length of time it takes to honor a deletion request is always 30 days.

Requests to Opt Out of Data Sales

Notes

  • We show ads on some of our users’ sites as well as some of our own sites, and the revenue these ads generate lets us offer free access to some of our Services so that money doesn’t become an obstacle to having a voice. As part of our advertising program, we and our users use cookies to share certain device identifiers and information about browsing activities with our advertising partners. These disclosures may be considered a “sale” of information under the CCPA.
  • Opting out of personalized ads is a self-service request that is automatic and immediate. For this reason, the average duration of time to honor an opt-out request is always zero (0) days.

Next Chapter

IRU Reports

IRU Reports

Summary

Reports from dedicated government Internet Referral Units (IRUs) are one important way that extremist sites are brought to our attention.

Like most online hosts, we do not pre-screen the content that our millions of users post to our services. We evaluate reports of content that go against our User Guidelines or Terms of Service, and we take some measures to proactively find spam or other abusive content that’s posted to our services. We try to make the process for reporting abusive or illegal sites as transparent and simple as possible. If you see a site that you think violates our policies, please report it to us here.

One category of content that has been a focus for law enforcement and all internet companies—including Automattic—is terrorist or extremist propaganda.

Policies Against Extremism

We have worked in conjunction with experts in online violent extremism, such as GIFCT and Tech Against Terrorism, as well as law enforcement to develop policies that specifically address terrorist propaganda. You can view our policies here. In short, we suspend websites that call for violence or that are connected to officially designated terrorist groups (per the US Treasury’s OFAC list).

We also have other measures that we implement for sites, short of removal. For example, we may flag content and remove the site from the WordPress.com Reader, making the site’s content more difficult to find. Flagging a site in this way also removes it from all advertising programs that we run.

Site Reporting

Internet Referral Units (IRUs) are organizations that have expertise in online propaganda that private technology companies are not able to develop on their own, and they work to identify sites that are being used by known terrorists to spread propaganda or to organize acts of violence. We created a dedicated email address at which they can send their reports, allowing us to more easily identify these reports coming from a trusted source. We work to evaluate and act on reports of terrorist content as quickly and accurately as possible.

We do not automatically remove websites from WordPress.com; a (human) member of our Trust & Safety team reviews each report and makes a decision on whether it violates our policies.

One important reason we review each report is to guard against the removal of material posted to legitimate sites (e.g., news organizations or academic sites) that discuss terrorism or terrorist groups. We host sites for a number of very large news organizations, news bloggers, academics, and researchers who all publish legitimate reporting on terrorism. Thus, context is critical. Though the reports published may be legitimate, some of the materials may qualify as terrorist propaganda and would normally be removed under our policies. Although it involves some work to review each report we receive, we do it because we take the task of protecting legitimate speech seriously.

Monthly breakdown

MonthNumber of notices receivedNumber of notices where sites/content were removed as a resultPercentage of notices where sites/content were removed as a result
July000%
August000%
September000%
October11100%
November2150%
December11100%
Total4375%

By origin

Reporting originNumber of notices receivedNumber of notices where sites/content were removed as a resultPercentage of notices where sites/content were removed as a result
Europol3266%
United Kingdom11100%
Total4375%

Next Chapter

Country Block List

Country Block List

Summary

WordPress.com frequently receives demands from a growing list of nations to remove content that they believe violate a set of vague and seemingly arbitrary censorship laws.

In some cases, the demands are initiated by government bureaucrats, without oversight from a judge or other neutral body, and other times they come in the form of court orders with no realistic chance of appeal. Unfortunately, we must swiftly respond to these demands in order to ensure that WordPress.com is not blocked by a government or ISP for an entire country or region.

This is not just a theoretical concern, as we have experienced this kind of country-wide block in both Turkey and Russia as a result of our refusal to comply with takedown demands.

If a reported site does not violate our policies or Terms of Service (for selling controlled substances or publishing spam, for example), we try to take the most limited and transparent actions available: blocking the content so that it is unavailable only in the specific region involved, and also blocking the minimum amount of content possible.

WordPress.com takes this action with the goal of protecting all of the other 100+ million WordPress.com sites. When a visitor with an IP address originating from the country in question tries to view one of the blocked sites, we display a variation on the following message (in both English and where possible, an appropriate language):

The above example is shown to users in Russia, which links to an EFF article on Russian censorship and official lists of the censored material. Users may also find our guide to bypassing Internet restrictions helpful.

We forward all takedown demands to the site owners involved. However, in an effort to be more transparent about the sites that are subject to this kind of geoblock, we have compiled details on the various site-wide blocks in place. The lists contain site URLs, as well as the date and time (UTC) that the block was recorded in our system.

October 2021

CountryNumber of sites blocked
Azerbaijan6
Brazil2
France61
Georgia3
Germany3
India2
Kazakhstan21
Pakistan305
Russia365
Turkey501
Total1,269

To download the full list as a text file, click here.

Notes

  • Please be aware that some of the content on the below URLs may be considered offensive. We do not necessarily support or condone these websites in any way.
  • Some of these blocks predate our current blocking mechanism, and so may actually have been in place longer than the listed date.
  • Sites that were suspended for a separate violation of the WordPress.com policies or Terms of Service, or were deleted by the user, are not listed below.
  • The list does not currently include details on blocks that concern individual files or videos.
  • We receive takedown demands regularly, but the list is not updated in real time. This list was last updated on June 30th, 2021.

Previous Reports