Transparency Report

TRANSPARENCY REPORT


TRANSPARENCY REPORT 2019 BIT B.V. - VERSION 2020-05-27

In 2012, BIT issued their first transparency report with the aim of providing insight into requests for personal data at BIT, the number of notice-and-takedown requests BIT has received and processed and how many responsible disclosure reports we have received. In this report we publish this information for the year 2019.

We publish this information because we think it’s important, especially given the recent developments in the field of privacy, to provide our clients and other interested parties with openness. To enable trends to be identified, we have included the figures from 2012 to 2018 in this report as well.

Below you find the numbers per category for the received complaints/requests/notifications and the way these were handled. This report is also available as pdf-file.

2012 2013 2014 2015 2016 2017 2018 2019
Received requests 1 1 0 2 2 1 0 1
NAW-requests where information has been disclosed
1 1 0 2 0 0 0 0
Total 1 1 0 2 2 1 0 1


Handover requests

The table below shows the number of requests we have received for the handover of personal data of customers of BIT to law enforcements. The number of cases that were in compliance with this request are indicated as well.

Handover requests

Reports of data protection infringements

BIT is legally required to report any event of infringement of the protection of personal data they have stored. In 2019, BIT saw no reason to report this.

The prior reported personal data breaches in 2017 and 2018 can be explained by the fact that a mobile phone of a BIT employee was lost on which was access to the employee's company email. In both cases, the mobile phone was provided with a password and encryption.

2012 2013 2014 2015 2016 2017 2018 2019
Reports of data protection infringements 0 0 0 0 0 1 1 0

 

Legal interception orders

It is possible for the national police, FIOD-ECT, Inspection SZW, IOD, AID, AIVD and MIVD to place a legal interception order at a provider. This can be an email intercept or an IP intercept. The table below shows the number of legal interception orders we have received.

2012 2013 2014 2015 2016 2017 2018 2019
Amount of tapping orders 0 0 0 0 0 2 0 0

 

Malware

The table below shows how many complaints BIT received because of the (alleged) hosting of malware and how they were processed.

2012 2013 2014 2015 2016 2017 2018 2019
Processed Take Down requests 8 29 20 10 66 38 23 48
Rejected Take Down requests 4 0 0 0 0 0 0 0
Total 12 29 20 10 66 38 23 8

 

Takedown requests regarding malware

The number of takedown requests regarding malware are displayed in the graph below. This will give you a clear overview of the developments during the years.

Take down requests regarding copyright infringement

Takedown requests regarding copyright infringement

In the Transparency Report of 2013 BIT has published data about received and processed notice-and-takedown-requests for allegedly infringement of copyright. The numbers for this and prior years can be found below.

2013 2014 2015 2016 2017 2018 2019
Unprocessed complaintstake-down-verzoeken 1135 2339 607 1773 2000 1472 921
Complaints rejected by BITtake-down-verzoeken 5 6 0 0 0 0 0
Reported complaints 4 0 0 0 0 14 4
Total 1144 2345 607 1773 2000 1486 925

 

Takedown requests regarding copyright infringement

The number of takedown requests regarding copyright infringement are displayed in the graph below. This will give you a clear overview of the developments during the years.

Takedown requests regarding copyright infringement

The large number of unprocessed complaints are filed by a small number of parties that automatically file complaints on behalf of the film and music industry. Since they do not comply with our notice and takedown procedure, we have not processed these complaints. It is also possible that among these complaints reported in 2013, 2014, 2016, 2017, 2018 and 2019 (but not taken into consideration) are repetitions of previously reported complaints. One time a manual action was taken, which means that these notifications were entered in AbuseIO, so these reports were aggregated in 2015. We have not done so for other years.

The complaints that have been rejected were complaints concerning material that could not be confirmed as undeniably unlawful.

Phishing

The table below contains information about the amount of complaints concerning phishing sites BIT has received and how they were processed.

2012 2013 2014 2015 2016 2017 2018 2019
Processed Take Down requests 8 22 50 211 338 103 81 82
Rejected Take Down requests 1 2 3 0 0 0 0 0
Total 9 24 53 211 338 103 81 82

 

Takedown requests regarding phishing

The number of takedown requests regarding phishing are displayed in the graph below. This will give you a clear overview of the developments during the years.

Takedown requests regarding phishing

Child pornography

The table below contains information about the amount of complaints concerning child pornography BIT has received and how they were processed.

2012 2013 2014 2015 2016 2017 2018 2019
Number of complaints accepted
0 0 1 0 0 0 0 0
Number of complaints rejected 0 0 0 0 0 0 0 0
Total 0 0 1 0 0 0 0 0

 

Takedown requests regarding child pornography

The number of takedown requests regarding child pornography are displayed in the graph below. This will give you a clear overview of the developments during the years.

Takedown requests child pornography

Responsible disclosure

This year the responsible disclosure notifications that have been reported to BIT are included for the fourth time. In this overview we have made a distinction between rejected notifications, already known vulnerabilities and vulnerabilities that are not yet known to us.

2015 2016 2017 2018 2019
Not yet known vulnerabilities
2 0 0 2 20
Already known vulnerabilities
5 0 0 8 0
Rejected notifications 14 7 4 110 0
Total 21 7 4 120 20

The number of responsible disclosure notifications that have been reported to BIT are displayed in the graph below. This will give you a clear overview of the developments during the years.

Responsible disclosure

Conclusions and comments

The number of handover request for personal data and legal interception orders remains low. The explanation we gave previous years is that BIT is a corporate ISP and does not (directly) do business with consumers remains applicable here. We have no received tap orders in 2019.

The number of claims of copyright infringements have decreased again this year. These claims are automatically emailed and all those claims do not comply with our notice and takedown policy.

The number of phishing reports has remained roughly the same as 2018 after an increasing trend until 2016.

In the 2019 figures, the number of responsible disclosure reports is reduced after the peak in 2018. Since 2019, we have no longer stated in our responsible disclosure policy that a compensation is given.

Want to know more about this transparency report?

Would you like to know more about our annual transparency report? Please contact us on +31 318 648 688 or info@bit.nl.