Data Transparency Report
About this report
Where compelled by law, Fastmail complies with requests for data it holds. As an Australian company, we are subject to Australian law.
As required by the Australian Privacy Principles, section 6, we cannot disclose information to foreign authorities: we only comply with requests made through Australian law enforcement.
All requests are checked for legal validity before being actioned.
Definition of terms
Valid/invalid request
Before we take action on a request from law enforcement, we need to examine if we can legally respond under Australian law. If the request meets the legal requirements then we call that a ‘valid’ request. Only valid requests are actioned. An invalid request is one that doesn’t meet the legal requirements. We don’t measure these in our transparency reporting as these are never actioned. Some examples of invalid requests:
- A direct inquiry from an international organization or law enforcement body.
- A request made under Australian law, but that is incorrectly formed. Some examples: it uses laws that we do not fall in scope for; the data the request is covering is too broad; the request contains typos. We contest these: sometimes they are resubmitted.
- A demand direct from an individual.
Actioned request
Once we have a valid request, we review our systems and determine whether we can provide what has been requested. An actioned request is one where we have the data to be provided to the requesting agency. Valid requests that are not actioned are those where there is no data, or where we haven’t received sufficient information to identify the target account.
Types of origins
- Mutual law enforcement assistance treaty: requests from overseas law enforcement agencies that have come through Interpol’s process, or through a mutual assistance treaty with Australia to the Australian Federal Police.
- Australian Federal Police: our national agency.
- Australian state police: each state of Australia has its own branch of police who investigate crimes within their jurisdiction.
Content type
Typically law enforcement are after one or both kinds of information we hold.
- Subscriber information is data about the accountholder.
- Stored communications is email and associated content.
Data access requests each year
2023
By request total:
- Valid requests: 16
- Requests actioned: 12
By origin:
- Mutual law enforcement assistance treaty: 8
- Australian Federal Police: 4
- Australian state police: 4
By content type:
- Subscriber information: 6
- Stored communications: 6
2022
By request total:
- Valid requests: 11
- Requests actioned: 9
By origin:
- Mutual law enforcement assistance treaty: 5
- Australian Federal Police: 1
- Australian state police: 5
By content type:
- Subscriber information: 7
- Stored communications: 2
2021
By request total:
- Valid requests: 33
- Requests actioned: 16
By origin:
- Mutual law enforcement assistance treaty: 16
- Australian Federal Police: 1
- Australian state police: 16
By content type:
- Subscriber information: 25
- Stored communications: 3
Explanatory notes
Limits to accuracy
Due to the nature of law enforcement requests, there may be some double-counting of items in our reporting. This can be due to:
- Inquiries received from multiple law enforcement bodies on an account
- Different kinds of requests for the same account
- Preservation orders which become requests for data over time
Additionally, some requests span multiple years, as it can take months for the paperwork to complete between countries.
Variations over time
It is difficult to compare year on year, as there are multiple factors that contribute to the volume and type of requests we receive. Changes to laws, technical anti-fraud changes in our service to prevent bad actors, along with external forces (for example, COVID-19 created a huge increase in online fraud and scams from 2020 onwards).
Contact us
If you have questions about this report, contact us at privacy@fastmailteam.com.