TRANSPARENCY REPORT
TRANSPARENCY REPORT 2017 BIT B.V. - VERSION 2018-06-08
In 2012, BIT issued their first Transparency Report with the aim of providing insight into requests for personal data at BIT and the amount of notice and takedown requests that have been received and processed by BIT in that year. In this report, we publish that information for the year 2017.
We publish this information because we think it’s important, especially given the recent developments in the field of privacy, to provide our clients and other interested parties with openness. To enable trends to be identified, we have included the figures from 2012 to 2016 in this report as well.
Below you find the numbers per category for the received complaints/requests/notifications and the way these were handled.
Hand over of personal data
The table below shows the number of requests we have received for the handover of personal data of customers of BIT to law enforcements. The number of cases that were in compliance with this request are indicated as well.
| 2012 | 2013 | 2014 | 2015 | 2016 | 2017 | |
| Received requests | 1 | 1 | 0 | 2 | 2 | 1 |
| NAW-requests where information has been disclosed | 1 | 1 | 0 | 0 | 0 | 0 |
| Total | 1 | 1 | 0 | 2 | 2 | 1 |
Handover requests
The number of handover requests for personal data of customers are displayed in the graph below. This will give you a clear overview of the developments during the years.
Reports of data protection infringements
BIT is legally required to report any event of infringement of the protection of personal data they have stored. In contrast to the period from 2012 up to and including 2016, BIT did find a reason in 2017 to report this.
| 2012 | 2013 | 2014 | 2015 | 2016 | 2017 | |
| Reports of data protection infringements | 0 | 0 | 0 | 0 | 0 | 1 |
Legal interception orders
It is possible for the national police, FIOD-ECT, Inspection SZW, IOD, AID, AIVD and MIVD to place a legal interception order at a provider. This can be an email intercept or an IP intercept. The table below shows the number of legal interception orders we have received.
| 2012 | 2013 | 2014 | 2015 | 2016 | 2017 | |
| Amount of tapping orders | 0 | 0 | 0 | 0 | 0 | 2 |
Malware
The table below shows how many complaints BIT received because of the (alleged) hosting of malware and how they were processed.
| 2012 | 2013 | 2014 | 2015 | 2016 | 2017 | |
| Processed Take Down requests | 8 | 29 | 20 | 10 | 66 | 38 |
| Rejected Take Down requests | 4 | 0 | 0 | 0 | 0 | 0 |
| Total | 12 | 29 | 20 | 10 | 66 | 38 |
Takedown requests regarding malware
The number of takedown requests regarding malware are displayed in the graph below. This will give you a clear overview of the developments during the years.
Takedown requests regarding copyright infringement
The number of takedown requests regarding copyright infringement are displayed in the graph below. This will give you a clear overview of the developments during the years.
| 2013 | 2014 | 2015 | 2016 | 2017 | |
| Unprocessed complaints | 1135 | 2339 | 607 | 1773 | 2000 |
| Complaints rejected by BIT | 5 | 6 | 0 | 0 | 0 |
| Reported complaints | 4 | 0 | 0 | 0 | 0 |
| Total | 1144 | 2345 | 607 | 1773 | 2000 |
The large number of unprocessed complaints are filed by a small number of parties that automatically file complaints on behalf of the film and music industry. Since they do not comply with our notice and takedown procedure, we have not processed these complaints. It is also possible that among these complaints reported in 2013, 2014, 2016 and 2017 (but not taken into consideration) are repetitions of previously reported complaints. One time a manual action was taken, which means that these notifications were entered in AbuseIO, so these reports were aggregated in 2015. We have not done so for other years.
The complaints that have been rejected were complaints concerning material that could not be confirmed as undeniably unlawful.
Phishing
The table below contains information about the amount of complaints concerning phishing sites BIT has received and how they were processed.
| 2012 | 2013 | 2014 | 2015 | 2016 | 2017 | |
| Processed Take Down requests | 8 | 22 | 50 | 211 | 338 | 103 |
| Rejected Take Down requests | 1 | 2 | 3 | 0 | 0 | 0 |
| Total | 9 | 24 | 53 | 211 | 338 | 103 |
Takedown requests regarding phishing
The number of takedown requests regarding phishing are displayed in the graph below. This will give you a clear overview of the developments during the years.
Child pornography
The table below contains information about the amount of complaints concerning child pornography BIT has received and how they were processed.
| 2012 | 2013 | 2014 | 2015 | 2016 | 2017 | |
| Number of complaints accepted |
0 | 0 | 1 | 0 | 0 | 0 |
| Number of complaints rejected | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 1 | 0 | 0 | 0 |
Responsible disclosure
This year the responsible disclosure notifications that have been reported to BIT are included for the third time. The notifications that have been reported to BIT regarding not yet known vulnerabilities, BIT has rewarded the reporters for these notifications. Notifications about already known vulnerabilities, vulnerabilities outside the responsibility of BIT and vulnerabilities that were not a real threat according to BIT were not rewarded.
| 2015 | 2016 | 2017 | |
| Not yet known vulnerabilities | 2 | 0 | 0 |
| Already known vulnerabilities | 5 | 0 | 0 |
| Rejected notifications | 14 | 7 | 4 |
| Total | 21 | 7 | 4 |
Conclusions and comments
The number of handover request for personal data and legal interception orders remains low. The explanation we gave previous years is that BIT is a corporate ISP and does not (directly) do business with consumers remains applicable here. Since we make our transparency reports, we have now received tap orders for the first time.
The reported personal data breach can be explained by the fact that a laptop of a BIT employee was stolen on which was access to the employee's company email. The laptop was provided with a password and disc encryption.
The number of claims of copyright infringements have increased, because unlike in 2015 the claims have not been aggregated. These claims are automatically emailed and all those claims do not comply with our notice and takedown policy.
The number of phishing reports has slightly declined after an upward trend in previous years. We have no explanation for this decrease.