The Wikimedia Foundation’s “Got Your Back” when it comes to user privacy

Translate this post

Privacy is a core tenant of the Wikimedia movement. Photo by Owen Moore, freely licensed under CC BY 2.0.
We are proud to announce that the Wikimedia Foundation received perfect marks in all five categories in the Electronic Frontier Foundation (EFF)’s Who’s Got Your Back? report.
The annual report, released on June 17, grades technology companies on how well they protect users’ rights and how transparent they are about their policies and activities. As the EFF points out, in an era in which the law is slow to keep pace with technical developments, it is the responsibility of technology companies to enact the strongest possible policies and practices to protect user rights.
This year, the Wikimedia Foundation earned five stars in all five categories:

  1. follows industry-accepted best practices;
  2. tells users about government data demands;
  3. discloses policies on data retention;
  4. discloses government content removal requests; and
  5. pro-user public policy: opposes backdoors.

Noting that we have adopted all of EFF’s recommended best practices, the report praised the Wikimedia Foundation for our “strong stance regarding user rights, transparency, and privacy.”
Wikimedia’s five-star rating reflects the lengths we go to for transparency and privacy. Photo by Sylwia Bartyzel, freely licensed under CC-0 1.0.
Industry-accepted best practices: The Wikimedia Foundation occasionally receives requests from governments and organizations to release nonpublic user data or remove content from the Wikimedia projects. Compared to other technology companies, we receive relatively few requests like these, in part because we collect little nonpublic information about our users and retain that information only for a limited time. When we do receive a request, we carefully scrutinize it to ensure that it meets our requirements prior to considering release of any nonpublic user information. As we state in our law enforcement guidelines, we require a valid, enforceable warrant before releasing any content to law enforcement. We also explain in those guidelines how we respond to data demands, and publish a transparency report that documents the requests we receive and how we responded.
Government data demands: We promise to give users prompt notice of government demands for nonpublic user information. When we receive a request, we seek to notify the affected user and provide a copy of the request at least 10 calendar days before we release the information. We will contact the user provided that we have the user’s contact information, that disclosing the request will not threaten life or limb, and that we are not otherwise prohibited by law from doing so. The notified user can then attempt to quash or legally challenge the request. If we are prevented from notifying users for one of the above reasons, we will provide information about the request to affected users after the threat or legal restriction has ended. Additionally, we may, and reserve the right to, challenge a request on behalf of any affected user, whether or not the user chooses to pursue his or her own legal challenge.
Data retention policies. We publish detailed information about our data retention policies.
Content removal requests: In our transparency report, we disclose government requests to remove user content or accounts, as well as information about how often we comply.
Pro-user public policy: We oppose “backdoors” that introduce security vulnerabilities for the government’s use.
As part of our commitment to supporting the free sharing of knowledge, we strive to do our utmost to protect our users’ privacy and we are honored to be recognized as industry leaders. We invite you to learn more about our efforts to protect user privacy  and promote transparency at
Geoff Brigham, Wikimedia Foundation General Counsel*
• *Our commitment to privacy is an organization-wide effort, and we thank all who are involved in upholding that commitment, including the Foundation’s Analytics, Operations, Design, Community Engagement, Communications, and Legal teams, as well as many others. Our special thanks go to Lexie Perloff-Giles for her assistance with this blog post.

Archive notice: This is an archived post from, which operated under different editorial and content guidelines than Diff.

Can you help us translate this article?

In order for this article to reach as many people as possible we would like your help. Can you translate this article to get the message out?

Inline Feedbacks
View all comments

great, i like it 😀

A number of the pages which you publicise here refer to the [Access to nonpublic information policy at which was mandated by the WMF Board in April 2014. However,over a year later, the WMF has not yet managed to actually bring that in to effect, saying “the former policy remains in force until the new processes mandated by the new policy are put into place. A future announcement will be made to those affected before the new policy goes in effect.”. This long-standing failure apparently did not lose you any marks, but I hope that the pride you feel… Read more »

Thumbs up for Wikimedia. I like that they care user privacy. good work

[…] paragraphs but just add their contributions and reference to a list format.” While our privacy policy forbids comprehensively analyzing the geographic spread of our users, a quick look at the publicly […]