Western governments want your data and big tech is happy to provide. New data shows that in the last 10 years, Google, Apple, and Meta has handed over the account information of 3.1 million people to the U.S. government alone.
This includes emails, files, messages and other highly personal data in an increase of 600%. We are seeing a growing appetite from governments and authorities to take advantage of huge, often unencrypted, data reserves.
Despite their privacy laws, European Union (EU) governments' data requests have risen by over 1,000% and are rapidly catching up to the U.S.
These requests cannot always be ignored and companies have to follow the laws of the land. However, more needs to be done to protect our private data and not prioritizing profit over people.
Unlike the best VPNs, these companies are not putting users first by adopting widespread end-to-end encryption or no-logs policies.
The research was conducted by Proton VPN – one of the most secure VPNs and champions of data privacy – after analysis of its data from 2014 to 2024.
It alarmingly highlights the dangers posed by tech companies in the 21st century and the increasing overreach of governments. But is there anything we can do to safeguard our data against ever growing threats?
U.S. Data sharing increases by 600%
Let's first examine the relationship between big tech and the U.S. government. Proton's research data shows the number of user accounts shared, in a typical sixth month period, has increased by 606% in the last decade.
Meta's data sharing increased by 675% – the largest increase of the three companies. Apple's increased by 621% and Google has increased by 530%. It's worth noting that Apple's data only goes up to June 2023, so its true figure could be even higher.
In total, the three companies have handed over the details of 3.16 million accounts and leaves us questioning the data privacy policies of big tech.
Data requests for American citizens is significantly higher than other countries in the western world, with requests nearly double that of second-place Germany.
The 14 Eyes Alliance is a group of countries who have agreed to share intelligence and data on its citizens.
Between the last six months of 2023 and the first six months of 2024, the US government alone made nearly 500,000 data requests to Google and Meta – more than all the other 14 Eyes Alliance members combined.
Germany's requests numbered 175,000. France and the UK were third and fourth, with approximately 60,000 and 52,000 respectively. The remaining countries made a total of almost 93,000 requests between them.
EU governments not without blame
You'd be forgiven for thinking that the EU's GDPR legislation protects the data privacy of the millions that live there – but sadly that isn't always the case. In just a few months, EU governments requested big tech hand over information surrounding over a hundred thousand user accounts.
The volume of requests may not match that of the U.S government, but they are still requesting a significant amount of data.
EU governments requested data on an estimated 164,472 user accounts in the first half of 2024. This is a 1,377% increase from the 11,133 accounts requested by governments in the second half of 2014.
Over the 10-year period Google's sharing with EU governments increased by 1,416%, Meta's rose by 1,268%, and Apple's rocketed by 2,777%.
As seen in the earlier graph, between July 2023 and June 2024, Germany was the most aggressive EU government. This hasn't changed as new data has shown in the second half of 2024 German authorities requested data on 76,910 accounts – a 2,484% increase from the approximately 3,000 requested in the latter half of 2014.
In the same half of 2024, France requested data on 25,772 user accounts, Poland requested 17,916, and Spain sought data on 13,509 accounts.
Whilst the numbers coming out of the U.S are more damning in scale, we shouldn't forget about the governments of the EU. Surveillance is not just an American problem and despite the EU's rhetoric on privacy, the rate of data request acceleration is deeply concerning – and could soon overtake the U.S.
No matter the size, any government requesting data on its population should be opposed and condemned and we must not let government overreach become the norm.
Government overreach
Powerful governments can request data as and when they like. Law enforcement agencies can use overly broad warrants to access sensitive data. So-called "reverse warrants", for example, include "geofencing" and "search term" reach, allowing them to haul in user location data and the hunting of specific search terms in user activity.
The Foreign Intelligence Surveillance Act (FISA) allows the U.S. government to request user data for national security purposes. These requests cannot be legally refused, and requests made using the Section 702 loophole are never individually reviewed by a judge.
FISA data requests are often kept secret and are not included in the 3.16 million figure cited earlier. From available data, since 2014 FISA requests to Meta have increased by 2,171%. Requests to Google have risen 594% and Apple, whose data is less transparent, reported a 274% increase in requests between 2018 and 2023.
The U.S. government has tried to access sensitive information of Americans in recent weeks through the actions of Elon Musk's Department of Government Efficiency (DOGE). Musk's DOGE has faced massive backlash and 12 privacy lawsuits over its potentially illegal demands for access to U.S. federal agency data on millions of Americans.
The UK government recently demanded Apple give it access to encrypted data held on users – something Apple claims even it can't see. The UK government ordered Apple to build a backdoor to user data in its Advanced Data Protection feature and Apple refused.
As a result, Apple has been forced to kill the security feature in the UK and users of its iCloud service will no longer be protected by end-to-end encryption.
Commenting on the research, Raphael Auphan, COO of Proton, said: "We’ve known for years that the government puts a great deal of energy into finding out everything it possibly can about you. Where you go, who you speak to, what you read, what you buy. In the past it relied on massive, complex and legally questionable surveillance apparatus run by organizations like the NSA."
"But thanks to the advent of surveillance capitalism, this is no longer necessary. All that’s required for the government to find out just about everything it could ever need is a request message to big tech in California. And as long as big tech refuses to implement widespread end-to-end encryption, these massive, private data reserves will remain open to abuse."
Can you protect yourself?
Despite Apple offering elements of end-to-end encryption, it is not widely adopted by big tech companies due to the fact ads, tracking, and sharing data keeps their business models alive.
Changing this behavior is not something that can be done overnight, but adopting good personal privacy practices is a crucial part of protecting your data.
A VPN is a simple first step. VPNs protect your data by routing your internet traffic through an encrypted tunnel, keeping it safe from prying eyes, third-parties, and hackers.
Many VPNs come with additional cybersecurity features such as NordVPN's Threat Protection Pro which can help prevent trackers and cookies recording your data too.
The leading VPNs also operate no or zero-logs policies which mean they do not collect and store your data and certainly won't share it with any third-party. All VPNs that feature on our best VPN list adopt this policy. Veteran provider Private Internet Access (PIA) has had its policies stand up to the test in court – twice.
Our best VPN list has all the information you need and there are various different price options. But if money is tight, the best free VPNs will still do the basic, but important, job of protecting your privacy and security – albeit without all the extras.
For all their benefits, though, VPNs can't stop big tech companies from collecting data on you entirely. As soon as you sign-up to an account, be that Google, Apple, or a Meta service, your personal data is collected and stored – VPN or not.
It's vital, then, that you read privacy policies properly and fully understand what you're signing up for. Be aware of what you're consenting to handing over and of your rights.
You can also ask these companies, for example, to provide you with a copy of all the data they hold on you, and request they delete certain data too
Data removal services, such as Incogni, are useful for removing your data from the internet. They scan their lists of known data brokers and send removal requests if records of your data are found. This process is repeated on your behalf and you don't have to do anything other than provide the service with your information.
As part of its recent Identity Defender feature, ExpressVPN added a data removal service to its VPN package, as well as identity theft insurance of up to $1 million.
The best encrypted messaging apps and the best password managers are other tools that are useful in securing your data online. 123456 is the world's most popular password and having unique and complex passwords is necessary to protect your online accounts. Many VPNs, including Proton VPN, include a password manager in subscriptions.
How far will this go?
What is clear is we are seeing an increase in the amount of data collected by big tech companies and requested by governments. It's no longer just traditionally authoritarian governments, such as Russia and China, who are imposing internet restrictions and collecting data on its population. Western governments are doing it too.
There is a huge volume of data collected on us. Raising awareness and education are crucial to challenging governmental and big tech policies in the long-term but, when it comes to taking back control of your data in the here and now, the onus is very much on us as individuals.
Disclaimer
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
