English version of the page: Data-processing exemption principles
本文基于《欧盟通用数据保护条例》及其相关的政策性文件撰写,数据共享豁免原则旨在维护其他用户或整体社会的利益及秩序。
通常情况下,在我们进行数据处理时,您的个人数据仅会被自动化程序进行处理,即在数据处理过程中,任何组织和个人均不会获取到您的任何数据,本文将阐述我们何时可以在不通知您的前提下处理或传输您的个人数据。
We take the privacy of our users very seriously, but as a legitimate operator, we also recognize that in some cases, law enforcement can legally and compliantly request data necessary to ensure the safety of our users and us and to prevent misuse of the technology, and we try to find the best possible balance between legality and privacy.
Amount of data disclosed
As of today, the total amount of each data we have disclosed to law enforcement agencies is zero.
Transparency reports
We publish transparency reports each quarter (or not if there are no data requests for that quarter) that contain the total number of data requests, denials, and eventual disclosures from law enforcement in each region.
Even if the relevant data request is accompanied by a confidentiality order, we will add it to the total number of data requests, with the difference that data requests accompanied by a confidentiality order may be delayed in disclosure to the relevant data subject.
Strict scrutiny of the identity of the requester
We do not accept data requests from individuals.
Our Compliance Department only accepts data requests from certified law enforcement agencies in connection with criminal cases. Each request is subject to rigorous review by the Compliance Department and will be disclosed to the relevant data subject after the fact. Depending on the type of data requested, we require a written search warrant or court subpoena from the requesting party.
For non-content data (referred to in the law as non-content data)
Required: Summons or local document of the same legal nature.
For content data (referred to in the law as content data)
Required: Search warrant, court order or local document of the same legal nature.
In addition, we clearly delineate the boundaries of data provision to governments in strict compliance with relevant national laws and international human rights standards. We also challenge requests when there is a legitimate basis for doing so, to ensure that the rights of data subjects are safeguarded.
Transparency policy
For general data requests, we will send a data disclosure notice to the data subject. (If the data request is accompanied by a confidentiality order, the disclosure notice may be delayed.)
Strict control over the scope of data disclosure
When disclosing data, we follow the principle of data minimization and, as far as possible, provide only the necessary information.
我们对于任何关于儿童的违法色情内容采取零容忍态度,我们将会在合法合规的前提下与 国家失踪和受虐儿童中心 (NCMEC) 和相关执法机构定期共享一些不敏感的匿名数据。
我们援引了欧盟法规 (EU) 2021/1232 的 2002/58/EC 号指令。对于存储在我们服务器或其他云资源上的视频及图像文件,我们会使用自动化程序将相关文件指纹(即文件哈希)与 NCMEC 报告的 儿童性剥削和性虐待图像哈希集 进行比对,以防止用户使用我们的服务存储或传播违法内容。
需要特别注意的是,该检查仅涉及到图像和视频文件,并且通过文件指纹(即不可逆的”哈希“)进行识别,校验步骤将全程在本地安全进行,未经您的许可,任何人无权查看相关原始文件;同时,由于 NCMEC 所提供的哈希集会进行动态更新,故我们可能会在特定时间周期中对您所上传的图像和视频文件进行回扫以保证服务安全。