Google sent user data to Hong Kong officials in the latter half of 2020 after it promised to stop processing data requests from foreign governments, the Hong Kong Free Press first reported.
Hong Kong officials sent Google 43 requests for user information last year, according to the company’s transparency report. Google produced data responding to three of the requests.
One request involved information disclosure due to a credible threat to someone’s life. The other two requests involved an investigation into human trafficking and were supported by a warrant signed by a government magistrate. According to the company’s Terms of Service, which applies globally, Google is allowed to provide information in such cases.
According to Google’s policies on user data requests, the company is allowed to provide users’ metadata, including names, associated emails, phone numbers, IP addresses, and billing information.
Last July, China unilaterally passed sweeping but vague national security laws for individuals and corporations in Hong Kong that banned all forms of what China deems “secession, subversion, terrorism, and collusion” with outside powers.
Chinese authorities have used subversion charges in the past to detain dissidents. People who undermine the Chinese government in these ways could carry the maximum sentence of life in prison.
The law dealt a huge blow to Hong Kong’s pro-democracy movement and sparked citywide protests from residents and pro-democracy activists who saw it as a clear violation of their civil liberties. China also established a formal presence of mainland national security agencies in Hong Kong for the first time in the city’s history as part of the law.
A week after the law was passed, Google and several other US-based tech giants, including Facebook, Twitter, and LinkedIn, announced they would halt processing data requests from Hong Kong upon further assessment of the law. Google later cut ties with Hong Kong in regards to data requests.
Google said some foreign governments might ask it for data, either through the courts or diplomatic channels, like a mutual legal assistance treaty (MLAT), which allows two or more countries to exchange information during criminal investigations. The tech giant says it reviews all requests and pushes back on those that could infringe on user privacy.
The three case exceptions fell outside the MLAT protocol, but Google said those requests were processed according to the company’s global standards and procedures.