There was a point in time when the government overtook the church as the dominating institution in the collection and retention of personal data, such as recording births. These days are long past. As our analysis of both media and scientific literature has shown, the data giants of nowadays are five private companies, united by the innocuous acronym GAFAM - Google, Apple, Facebook, Amazon and Microsoft. Governments are now in a position where they are increasingly demanding access to data stored on private servers (Rubinstein, Nojeim & Lee, 2014). There are two main routes for governments to access personal data collected and stored by private companies. The first is a constant and direct access to their central servers under programs such as PRISM, as revealed by Snowden in 2013. Private companies reject this allegation of systematic access, saying they only provide data in accordance with the law after receiving data disclosure requests (Greenwald & MacAskill, 2016; Senese, Mossé, Kent & Sacquet, 2017). Through this second route, governments demand online data from Facebook, Google, or other companies concerning one or several persons during official investigations, mostly criminal cases. In the second half of 2016, 64,279 requests reached Facebook internationally. 26,014 requests alone came from the United States (Facebook, 2017). The percentage of cases where some data was handed over to governments varies greatly between countries. For instance, the second and third largest demanders of Facebook data, India (7,289) and the UK (6,366), saw a diverging 51% and 88% of their respective demands met. No official reason for this divergence was given. Google has received 48,941 user data disclosure requests targeting 83,345 users in the first half of 2017 (Google, 2017).

This is done under the label of security security, either preventively or post-incidentally in the process of investigations or law enforcement. Private companies agree that there are cases in which they should provide information. At the conference “The Internet, private actors and security challenges” held in October 2017 at Science Po, a political science university in Paris, a Microsoft representative announced that they were proud to be able to provide the data of one of the Charlie Hebdo terrorist under an emergency procedure while he was roaming free, possibly saving lives. At the same time, as stated by the same delegate, security cannot be the winning argument in each case (Senese, Mossé, Kent & Sacquet, 2017).

During this debate, private companies representatives didn’t put up the argument of privacy against security, but the argument of trust. Agents from Microsoft, Facebook and Google all insist on the centrality of trust for their business model (Senese, Mossé, Kent, & Sacquet, 2017). To regain dented trust from users (Naughton, 2013; Ferenstein, 2013; Oliver, 2015), transparency (1) and clear rules (2) concerning government access to private data are of essential importance for them (Senese, Mossé, Kent, & Sacquet, 2017). This is especially relevant, as polls suggest that citizens worry more about government access to their data than its collection by private actors (Hare, 2016). Whereas it is unsure if companies advocate for changes due to intrinsic or business motivations, the arguments and actions put forward by tech giants are quite clear.

(1) In 2007, Microsoft and Facebook went to court in the US for the right to issue information on national security requests, which led to the cited transparency reports (Zetter, 2013; Senese, Mossé, Kent & Sacquet, 2017). These do not yet reveal comprehensive information and companies are still fighting for the right to add more layers detail. Similarly, Yahoo sued to ensure they were allowed to disclose the fact they resisted the 2007 bulk surveillance order (Ackerman, 2013; Senese, Mossé, Kent & Sacquet, 2017). Most notify users of governmental request, unless prohibited by law (Center for Democracy & Technology, 2013; Google, 2017; Yahoo, 2017). Google is pursuing a lawsuit to be able to notify even more users, permitting them to fight request in court. All insist that they thoroughly assess disclosure requests and only release data required by law. According to Gail Kent, director for global cybersecurity, surveillance and law enforcement at Facebook, this involves a three step process. First, the legal process of the requesting country has to be followed. Second, the user has to fall within the county’s jurisdiction. Third, the request cannot violate human rights. She cited that this step prohibits a country pledging criminal investigation, but actually being politically motivated (Senese, Mossé, Kent & Sacquet, 2017). In cases of “legal deficiencies or overly broad or vague demands for information” (Facebook, 2017) they demand clarification or resist, according to official Facebook policy.

(2) But transparency can only go so far without clear rules concerning national laws and transnational cases. The companies present at the Paris Workshop conceded that after Snowden and subsequent debates, the US surveillance system is clearer than before and that, generally speaking, civil society actors have stepped up their activism on the issue, whereas in other countries, it is hard to understand or even know the legal framework. Surveillance laws are some of the oldest laws and, for clarity, need to be adapted to the digital age (Senese, Mossé, Kent & Sacquet, 2017). A large thirteen country comparison conducted in the International Data Privacy Law journal concludes that even countries with good data protection regulations do not submit government requests to this framework (Rubinstein, Nojeim & Lee, 2014). It would thus be a first step, but analysis of surveillance mass surveillance shows that even under transparency and clear rules, government find ways to secretly stretch the interpretation or simply do not comply with it (Watt, 2017; Rubinstein, Nojeim & Lee, 2014).

Another controversial topic are transnational rules. This includes clashes between legal systems, doubt as to whose legal rules apply, and government access to data stored outside of its country. A case in point is the current legal action of Microsoft, supported by other tech companies and the Electronic Frontier Foundation, against a US warrant demanding access to emails stored on servers in Ireland. By arguing that the warrant grants the US government direct access to data stored abroad, it aims to avoid the process established under multilateral legal assistance treaties (“MLATs”). Nowadays, the tech giants’ data is widely dispersed internationally, and they have many physical presences around the globe, making this case especially worrisome when considering the possible reciprocity of other countries (Center for Democracy & Technology, 2014).

For many companies, non-US law enforcement agents must use diplomatic channels, such as MLATs, to gather evidence lying on US servers (Google, 2017; Yahoo, 2017; Facebook, 2017). Some additionally provide data to valid legal requests from non-US government agencies “on a voluntary basis” if it does not violate other laws (Google, 2017). As a former member of the Yahoo law enforcement team puts it, when the French police gets note that the data they need for an investigation is only available through a MLAT process, they mostly just close the case (Senese, Mossé, Kent, & Sacquet, 2017). This leads to a gaping chasms between citizens’ rights. Due to this, but also because conflicts in the applicable law pose great problems for their law enforcement divisions and lead to expensive court cases, companies are actively engaged in the fight for greater transnational cooperation. This can be seen, for instance, in the reform of the government surveillance initiative, where they, among others, call upon governments to avoid conflicts of law (AOL et al., 2017). They are seconded on both the issue of transparency and legal clarity by academia (Rubinstein, Nojeim & Lee, 2014) and media (Solon, 2017).

Companies thus present themselves as champions for privacy and the block shield against government intrusion, all while parenthesizing the fact that they themselves profit greatly from evermore abundant and detailed information from users. Whereas Facebook, Google and Microsoft allegedly only intensified their efforts after Snowden, research states that, problematically, their engagement has only started with these revelations, user outcries and a rising demand for privacy protection (Senese, Mossé, Kent & Sacquet, 2017; Sargsyan, 2016), raising the question whether they are the right actors to protect privacy from governments at all. Especially because think tanks like the Citizen Lab in Toronto warn from a constellation where “big data meets big brother” (Senese, Mossé, Kent, & Sacquet, 2017). This is worrying, as research points to a chilling effect of government access to private data on minority views expressed in social media, which democracies should especially protect (Stoycheff, 2016). If, according to Snowden, even developed democracies need to “defend the concept of an open society against the leaders” (Snowden, 2015), where does this leave citizens in less democratic countries? Human Rights Watch consequently concludes that surveillance laws as to government access to private data, should “be written as if the government we most fear is in power” (Wong, 2017). Voices in academia thus advocate a multi-stakeholder governance for the internet to prevent single actors from becoming too powerful (Pohle, 2016; DeNardis, 2010). This applies to both governments and single tech firms, especially as the varying percentages of cases in which tech companies release data to governments point to the fact that companies decide themselves which countries’ requests to follow.

Activists, journalists and ordinary citizens rely on the privacy that technology allegedly offers to speak out and collect information. This is why activists and tech giants also advocate for the development of technologies such as encryption to regain users’ trust and prevent government intrusion. Pros and cons of encryption can be found here. This issue came centre stage, when the FBI demanded Apple to grant the FBI access to the iPhone of a terrorist. The issue is thus framed as a human rights issue. But it is also a marketing question and one that pits companies against governments. On the one hand, private companies are firmly against encryption back doors, as encryption is a key solution to accruing privacy demands of users and thus a big marketing advantage (Ermoshina, Halpin & Musiani, 2017). On the other hand, governments demand an exclusive backdoor to access data in cases of emergencies. But Matt Blaze of the University of Pennsylvania and board director of the Tor project retorts: “A key under the doormat isn’t safe. Neither is an encryption backdoor” (Blaze, 2015). In addition, there is a real controversy between governments and tech companies concerning the cases in which it is technologically possible at all to break encryptions (Senese, Mossé, Kent & Sacquet, 2017). A Facebook representative added that crippling an innovation that was still in its incubation phase, would greatly impede its entire potential (Senese, Mossé, Kent & Sacquet, 2017).

The Economist, a liberal newspaper, raises another question about the power relationships between the government and companies, asking “Should the government know less than Google?” (S., 2013). Google’s business model links its data to possible user wants. Consumption of dance videos on youtube and an email to a friend about wanting to start dance classes, might lead to ads for leotards and studios. But some people watch videos of beheadings and then write an email saying they are only missing a pressure cooker. One might make a legitimate claim about the difference between contracting browser ads based on private information and indiscriminately passing information on to governments to identify these patterns, but the underlying controversy remains unresolved. However, only because the past failed to carve out a sphere of online privacy from commercial companies, this does not mean government should have equal access without a corresponding big societal debate.

Encryption is a new issue where tech giants are rapidly becoming central actors. Their power in the field of data already gives them huge economic might, with which they have not always protected the privacy of their users from governments (Sargsyan, 2016). They are further rapidly taking weighty legal decisions as to releasing their users’ data to governments. The Economist has even compared them to the oil monopolies of the past century (“The world’s most valuable resources,” 2017), pointing to the fact that the political economy has provided them with the breeding ground from which they thrive and created a new type of corporate - government nexus. One way out is a sincere, civil society based and multi-stakeholder approach that analyses where power lies and where it should lie. But this will probably only works when government access to private data focuses neither on governments nor big corporations, but on the citizen.

Governments are increasingly trying to regulate the flow of data, enforcing localization laws, which are intended to keep citizens’ personal data within the country and subject to local regulation. The outcome of data localization is to bring information increasingly under the control of the local authorities (Chander, Le 2014). Snowden NSA revelations in June 2013, exposed the scale and extent of government surveillance, the large amount of the collected data and the vast number of people who are being systematically surveilled (Pohle, Audenhove 2017). Due to the greater global awareness of data security and privacy issues, governments are feeling compelled to enforce new regulations in order to protect their citizens and their businesses from the many challenges they perceive as threatening their nation’s data and privacy(Hill 2014). Arguably, these revelations have had the effect of legitimising Russian government’s own regulations and surveillance practices and have led to the introduction of new legislations reinforcing government control over the Internet. Russia provides a very good case study of government access to private data, due to the swift development of government regulations over the Internet, from a minimal control to an all encompassing strategy of control. Besides, in recent years the Russian government regulations over personal data have been at the forefront of news headlines due to the row with companies such as LinkedIn and more recently Facebook.

Government control over Russian internet

The Russian government has been moving towards a “soverignisation” of the internet, in order to exert control and isolate Russian internet from the global infrastructure (Nocetti 2015). Already in the second half of the 1990s, the Russian government introduced the surveillance system SORM (Sistema Operativno-Rozysknikh Meropriyatiy, or System of Operative Search Measures) (Ermoshina, Musiani 2017). Over the years and more evidently since 2012, there has been a progressive, yet steady creation and application of laws aimed at controlling the Russian Internet (RuNet). In the context of Snowden leaks, the privacy policies adopted by transnational companies such as Google, Facebook, Twitter and others were seen as a threat to Russia’s digital sovereignty and national security. A series of law were introduced to bring global web platforms under Russian jurisdiction – either requiring them to be accessible in Russia by the domain extension .ru, or forcing them to be hosted on Russian territory (Nocetti 2015).

In Spring 2013, the Minsvyazi (Russian Ministry of Communications) drafted an order imposing telecommunications and Internet providers to “install equipment allowing data collection and retention on their servers for a minimum of twelve hours”(Chander, Le 2014). This directive was not simply aimed at websites, but at Internet service providers that carry data between users and computer servers. By requiring Russian Internet service providers to save data locally, it serves as a data localization requirement, not preventing data from leaving, but at least requiring a copy to be stored locally. This provision allows the Russian Federal Security Service (FSB) to gain “direct access to a wider range of data than was possible before—including users’ phone numbers, account details on popular domestic and overseas online resources (such as Gmail, Yandex, Mail.ru etc), IP addresses and location data— without a court order, for the purposes of national anti-terrorist investigations”(Chander, Le 2014).

Shortly after, in September 2014 the law on the retention of personal computer data, Law № 276-FZ, was introduced and entered into force in January 2015 (Nocetti 2015). It requires Russian and foreign companies to store data for customers who are Russian citizens on servers housed on Russian territory(Eckel 2015). This law became known worldwide, as LinkedIn was the first international operator to be banned for violation of this localization requirement by the blocking of its services in Russia. In fall 2014 when the law was first passed there was ambiguity over the specific targets of the law, as it appeared to be broad and control exerted by the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) was limited. However many companies including Viber, Ebay, and, reportedly, Google complied and moved or started to move servers containing the relevant personal data to Russia. Others, such as Facebook, Twitter and LinkedIn, decided not to comply with the new requirements. As Forbes reports, “some expressed concerns that requiring the major social networks to move their Russian users’ personal data onto Russian territory would facilitate the security services’ ease of access to a vast trove of citizens’ personal information and networks.” Shortly after, Roskomnadzor sued LinkedIn for non-compliance, and won its case twice, first in a lower court in August and then again in a Moscow city court in November 2016. At this point access to the website was blocked(Abdullaev 2016).

Recently the threat of blocking extended to Facebook, which has to comply by the end of year or its access in Russia will be blocked. On the other hand, Twitter Inc had already notified Roskomnadzor that it would aim to localize the personal data of its users by the middle of 2018 (Russia tells Facebook 2017). These initiatives have sparked criticism by civil society and human rights activists(Russia: New Legislation 2017). Nonetheless, Human Rights Watch reports, a second law № 241-FZ, signed on July 30, prohibits companies registered in Russia as “organizers of information dissemination,” including online messaging applications, from allowing unidentified users. The law requires those companies to identify their users by their cell phone numbers, and tasks the government with elaborating the identification procedure. Under the law, mobile applications that fail to comply with requirements to restrict anonymous accounts will be blocked in Russia. The law is scheduled to come into force in January 2018 (Russia: New Legislation).

Data localization, by centralizing control over digital infrastructure, can limit freedom by permitting countries to collect information on their citizens more easily, through domestic surveillance (Hill 2014). Unquestionably, Russia is not the first country in the world to impose such data localisation requirements across all sectors of the economy: China, India, Indonesia and Vietnam have implemented similar (Nocetti 2011). The Russian government has adopted a state-centred approach to the internet similar to the Chinese one, indeed as Rubenstein notes “the Chinese government maintains almost unlimited and unfettered access to private sector data through a variety of regulatory requirements”(Rubinstein et al 2014).

Internet governance and personal data in China

The similarities over the strategies adopted by the Russian and Chinese government in order to regulate the internet are numerous. In China, government’s control over internet access and user’s personal data is constantly increasing and evolving. Recently, in June 2017, the Chinese government passed a new cybersecurity law, which aims to protect companies that are critical for China’s national security against hackers attacks and cyber sabotage (Alsabah 2017). The law expands the government’s control of data, networks and critical infrastructure and it is vague and unclear on its scope and on the security measures. It requires “critical information infrastructure operators”, which could be interpreted to include companies in many sectors, including telecommunications, information services and finance, to store certain personal and business information in China (Shepard 2017). Foreign companies are concerned that they may have to share their source code with Chinese authorities, moreover they worry that data localisation requirements might increase the danger of industrial espionage and intellectual property violations. Although the law’s ambiguous wording makes it unclear precisely which companies would be required to comply with the localization provisions (Bowman 2017). Another issue present in both Russia and China involves the government crackdown on VPNs (Virtual Private Networks). In order to suppress dissent and control the internet, the government has ordered China’s three telecommunications companies (China Mobile, China Unicom and China Telecom), to completely block access to virtual private networks, or VPNs, by February 2018 (Haas 2017). By blocking VPNs the government is reinforcing the “Great Firewall” , a system that prevents access to websites not approved by the government, by cracking down on any loopholes in the system(China tells 2017).

Another feature of the Chinese government access to personal data is the proposed creation of a “social credit system”, which was presented in a high-level policy paper presented in September (Denyer 2017). Beijing is proposing to assess its citizens’ behavior over a series of commercial and social activities, creating an uber-scoring system. This score would be based on different social aspects and could “encompass everything from a person’s chat-room comments to their performance at work”(China is bulding 2017). The score could then be used to determine eligibility for jobs, mortgages, and social services and sanctions that could be imposed on any person or company deemed to have fallen short (Denyer 2017). The plan is envisioned by the Communist Party in the hope it will build a culture of “sincerity” and a “harmonious socialist society” where “keeping trust is glorious.” According to the Washington Post, eight private companies have created pilot "credit databases" that compile information about individuals. The system sounds strikingly familiar to “ Black Mirror”, a British TV series depicting a dystopian future. In the "Black Mirror" episode, titled "Nosedive," the purpose of a universal ratings system is ostensibly to incentivize untrustworthy individuals in a society to shape up to what other members consider good (Nguyen 2017). Indeed, the overriding principle underscored in the Chinese policy paper for the development of the Social credit system (2014-2020) is: “If trust is broken in one place, restrictions are imposed everywhere” (China’s plan 2017). Sanctions would be imposed on those individuals and companies considered culpable, and a whole range of privileges would be denied, while people and companies breaking social trust would also be subject to expanded daily supervision and random inspections.

Abdullaev, Nabi (2016) Forbes Why Russia's LinkedIn Ban Is Not About Internet Freedoms https://www.forbes.com/sites/riskmap/2016/12/08/why-russias-linkedin-ban-is-not-about-internet-freedoms/#32203402a78e

Alsabah Nabil (2017) MERICS China’s new Cybersecurity Law https://www.merics.org/en/media-contact/press-releases/chinas-new-cybersecurity-law/

Amnesty International;2017, Russia: VPN ban is a major blow to internet freedom https://www.amnesty.org/en/latest/news/2017/07/russia-vpn-ban-is-a-major-blow-to-internet-freedom/

Bowman, C. 2017 Data Localization Laws: an Emerging Global Trend; Jurist http://www.jurist.org/hotline/2017/01/Courtney-Bowman-data-localization.php

Chander, A., & Le, U. P. (2014). Breaking the Web: Data Localization vs. the Global Internet.

Electronic Frontier Foundation (2017) https://www.eff.org/deeplinks/2017/08/rising-demands-data-localization-response-weak-data-protection-mechanisms

China Tells Carriers to Block Access to Personal VPNs by February. (2017). Bloomberg.com. Retrieved 8 November 2017, from https://www.bloomberg.com/news/articles/2017-07-10/china-is-said-to-order-carriers-to-bar-personal-vpns-by-february

China Is Building The Mother Of All Reputation Systems To Monitor Citizen Behavior. (2017). Fast Company. Retrieved 11 November 2017, from https://www.fastcompany.com/3050606/china-is-building-the-mother-of-all-reputation-systems-to-monitor-citizen-behavior

China’s plan to organize its society relies on ‘big data’ to rate everyone. (2017). Washington Post. Retrieved 11 November 2017, from https://www.washingtonpost.com/world/asia_pacific/chinas-plan-to-organize-its-whole-society-around-big-data-a-rating-for-everyone/2016/10/20/1cd0dd9c-9516-11e6-ae9d-0030ac1899cd_story.html?utm_term=.09ff36577867

Denyer, S. (2017). China wants to give all of its citizens a score – and those who fall short will be denied basic privileges. The Independent. Retrieved 11 November 2017, from https://www.independent.co.uk/news/world/asia/china-surveillance-big-data-score-censorship-a7375221.html

Ermoshina, K., & Musiani, F. (2017). Migrating servers, elusive users: Reconfigurations of the Russian Internet in the post-Snowden era. Media and Communication, 5(1)

Freedom House; Freedom of the Net 2016 https://freedomhouse.org/report/freedom-net/2016/russia

Haas, B. (2017). China moves to block internet VPNs from 2018. the Guardian. https://www.theguardian.com/world/2017/jul/11/china-moves-to-block-internet-vpns-from-2018

Hill, J. F. (2014). The growth of data localization post-snowden: Analysis and recommendations for us policymakers and business leaders.

Hintz, A. & Dencik, L. (2016). The politics of surveillance policy: UK regulatory dynamics after Snowden. Internet Policy Review, 5(3). DOI: 10.14763/2016.3.424

Human rights watch (2017) https://www.hrw.org/news/2017/08/01/russia-new-legislation-attacks-internet-anonymity

Eckel, M. (2015) New Russian Internet Data Law Raises Questions About Privacy And Compliance RFERL https://www.rferl.org/a/russia-internet-data-law-privacy-compliance/27222557.html

Independent (2017) Russia threatens to block facebook if it refuses to store data in Russia http://www.independent.co.uk/life-style/gadgets-and-tech/russia-facebook-ban-putin-data-local-storage-threat-a7968711.html

Maréchal, N. (2017). Networked authoritarianism and the geopolitics of information: Understanding Russian Internet policy. Media and Communication, 5(1).

New York Times, 2013 Russians Selectively Blocking Internet http://www.nytimes.com/2013/04/01/technology/russia-begins-selectively-blocking-internet-content.html

Nocetti, J. (2015). Russia's 'dictatorship-of-the-law' approach to internet policy. Internet Policy Review, 4(4). DOI: 10.14763/2015.4.380

Nocetti, J. (2011). “Digital Kremlin”: power and the internet in Russia. Russie. Nei. Visions, (59), 5.

Nguyen, C. (2017). China might use data to create a score for each citizen based on how trustworthy they are. Business Insider France. Retrieved 11 November 2017, from http://www.businessinsider.fr/us/china-social-credit-score-like-black-mirror-2016-10/

Pohle, J. and Leo Van Audenhove; Post-Snowden Internet Policy: Between Public Outrage, Resistance and Policy Change Media and Communication - 2017, Volume 5, Issue 1

Reporters without borders, Enemies of the Internet 2014: entities at the heart of censorship and surveillance http://12mars.rsf.org/2014-en/#slide2

Rubinstein, I. S., Nojeim, G. T., & Lee, R. D. (2014). Systematic government access to personal data: a comparative analysis. International Data Privacy Law, 4(2), 96-119.

Shepard, C. (2017) China quietly releases draft of tough new intelligence law, Reuters . http://www.reuters.com/article/us-china-security-lawmaking/china-quietly-releases-draft-of-tough-new-intelligence-law-idUSKCN18C0UX

Reuters (2017) Russia tells Facebook to localize user data or be blocked https://www.reuters.com/article/us-russia-facebook/russia-tells-facebook-to-localize-user-data-or-be-blocked-idUSKCN1C11R5

Ackerman, S. (2013, July 30). Justice Department to declassify key Yahoo surveillance orders. Retrieved from The Guardian: https://www.theguardian.com/world/2013/jul/30/justice-department-declassify-yahoo-surveillance-orders

Amazon. (2017). https://d0.awsstatic.com/certifications/Information_Request_Report_June_2017.pdf. Retrieved from https://d0.awsstatic.com/certifications/Information_Request_Report_June_2017.pdf

AOL, Apple, Facebook, Google, LinkedIn, Microsoft, et al. (2017). Reform Government Surveillance. Retrieved from https://www.reformgovernmentsurveillance.com/#may-19.

Apple. (2017). Report on Government and Private Party Requests for Customer Information. Retrieved from https://images.apple.com/legal/privacy/transparency/requests-2017-H1-en.pdf

Blaze, M. (2015, December 15). A key under the doormat isn’t safe. Neither is an encryption backdoor. Retrieved from The Washington Post: https://www.washingtonpost.com/news/in-theory/wp/2015/12/15/how-the-nsa-tried-to-build-safe-encryption-but-failed/?utm_term=.7be8fe3fd37e.

Center for Democracy & Technology. (2013). Law Enforcement Standards by Country. Retrieved from https://govaccess.cdt.info/standards-le-country.php

Center for Democracy & Technology. (2014). Neither warrants nor subpoenas should reach data stored outside the US. Washington: CDT.

DeNardis, L. (2010). ‘The Emerging Field of Internet Governance’. Yale Information Society Project Working Paper Series. Retrieved from https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1678343.

Ermoshina, K., Halpin, H., & Musiani, F. (2017). Can Johnny build a protocol? Co-ordinating developer and user intentions for privacy-enhanced secure messaging protocols . Presented at the European Workshop on Usable Security, Internet Society. https://doi.org/10.14722/eurousec.2017.23016

Facebook. (2017). Government Requests Report. Retrieved from https://govtrequests.facebook.com

Facebook. (2017). Information for Law Enforcement Authorities. Retrieved from Safety: https://www.facebook.com/safety/groups/law/guidelines/.

Ferenstein, G. (2013, November 5). Poll: Public Supports NSA Spying On Their Email, Neighbors And Foreign Leaders. Retrieved from Tech Crunch: https://techcrunch.com/2013/11/05/poll-public-supports-nsa-spying-on-their-email-neighbors-and-foreign-leaders/

Google. (2017). Legal process for user data requests FAQs. Retrieved from Transparency Report Help Center: https://support.google.com/transparencyreport/answer/7381738?hl=en.

Google. (2017). Requests for User information. Retrieved from Transparency Report: https://transparency report.google.com/user-data/overview

Greenwald, G., & MacAskill, E. (2016, June 7). NSA Prism program taps in to user data of Apple, Google and others. Retrieved from The Guardian: https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data

Hare, S. (2016). For your eyes only: U.S. technology companies, sovereign states, and the battle over data protection. Business Horizons , 59 (5), pp. 549-561.

Microsoft. (2017). Law Enforcement Requests Report. Retrieved from Corporate Social Responsibility: https://www.microsoft.com/en-us/about/corporate-responsibility/lerr.

Naughton, J. (2013, October 20). Edward Snowden: public indifference is the real enemy in the NSA affair. Retrieved from The Guardian: https://www.theguardian.com/world/2013/oct/20/public-indifference-nsa-snowden-affair

Oliver, J. (2015, April 5). Government Surveillance: Last Week Tonight with John Oliver (HBO). Retrieved from Youtube: https://www.youtube.com/watch?v=XEVlyP4_11M.

Pohle, J. (2016). ‘Multistakeholder governance processes as production sites: enhanced cooperation "in the making"’. Internet Policy Review, 5(3).

Rubinstein, I., Nojeim, G., & Lee Ronald. (2014). Systematic government access to private data: a comparative analysis. International Data Privacy Law, 4 (2), 96-119.

S., M. (2013, June 11). Should the government know less than Google? The Economist. Retrieved from https://www.economist.com/blogs/democracyinamerica/2013/06/surveillance-0

Sargsyan, T. (2016, December 16). The privacy role of information intermediaries through self-regulation. Internet Policy Review , 5 (4).

Senese, A., Mossé, M., Kent, G., & Sacquet, M. (2017, October 9). The Internet, private actors and security challenges. Sciences Po, Paris, France.

Snowden, E. (2015, June 4). Edward Snowden: The World Says No to Surveillance. Retrieved from The New York Times: https://www.nytimes.com/2015/06/05/opinion/edward-snowden-the-world-says-no-to-surveillance.html

Solon, O. (2017, March 7). With the latest WikiLeaks revelations about the CIA – is privacy really dead?. Retrieved from The Guardian: https://www.theguardian.com/world/2017/mar/09/with-the-latest-wikileaks-revelations-about-the-cia-is-privacy-really-dead.

Stoycheff, E. (2016). Under Surveillance: Examining Facebook’s Spiral of Silence Effects in the Wake of NSA Internet Monitoring. Journalism & Mass Communication Quarterly , 93 (2), pp. 296– 311.

The world’s most valuable resource is no longer oil, but data . (2017, May 6). The Economist. Retrieved from https://www.economist.com/news/leaders/21721656-data-economy-demands-new-approach-antitrust-rules-worlds-most-valuable-resource

Watt, E. (2017). ‘The right to privacy and the future of mass surveillance’. The International Journal of Human Rights , 21 (7), pp. 773-799

Wong, C. (2017, July 2). The dangers of surveillance in the age of populism. Retrieved from Newsweek: http://www.newsweek.com/state-surveillance-europe-populism-cctv-citizens-553857.

Yahoo. (2017). Yahoo! Inc. Law Enforcement Response Guidelines. Retrieved from Transparency Report: https://transparency.yahoo.com/law-enforcement-guidelines/us.

Zetter, K. (2013, August 30). Google, Microsoft Press Lawsuits for Right to Release More Surveillance Data. Retrieved from Wired: https://www.wired.com/2013/08/google-and-microsoft-sue-gov/