TRANSPARENCY REPORT 2022 BIT B.V. - VERSION 2023-02-03
In 2012, BIT released its first transparency report with the goal of providing insight into how frequently we receive requests for our customers' personal data, how often we process notice-and-takedown requests, and how many Responsible Disclosure notifications we receive. This report contains information for the year 2022.
We share this information to demonstrate transparency to our partners and interested parties, as privacy concerns continue to rise in importance. To highlight trends, we have included data from 2018 through 2022 in the report. Additionally, we can provide data from before 2018 upon request.
For each category, the report outlines the number of complaints, requests, and notifications received, as well as how they were handled.
Personal Data
Below you will find an overview of the different types of requests BIT has received with regard to the handover of personal data, and how these requests were handled.
Disclosure of Personal Data
The table below shows the number of requests that BIT has received to disclose customers' personal data to law enforcement agencies. The table also indicates whether BIT complied with the requests or not.
Year | 2018 | 2019 | 2020 | 2021 | 2022 |
Requests processed | 0 | 1 | 0 | 1 | 0 |
Requests rejected | 0 | 0 | 0 | 2 | 1 |
Total | 0 | 1 | 0 | 3 | 0 |
We have included the number of requests in the graph below to provide a clear overview of the annual developments.
Reporting Personal Data Breaches
By law, BIT must report any personal data breaches that occur. In 2022, there were no incidents that required BIT to report.
The previous report of a personal data breach in 2018 was due to the loss of an employee's phone, which had access to the employee's company email account. The phone was password-protected and encrypted.
Year | 2018 | 2019 | 2020 | 2021 | 2022 |
Reports of personal data breaches | 1 | 0 | 0 | 0 | 0 |
Legal Interception Orders
The National Police, FIOD-ECT, Netherlands Labour Authority, IOD, AID, AIVD and MIVD have the authority to issue orders to a provider to perform interception or wire-tapping. This can be an email tap or IP tap. The table below shows the number of interception orders that BIT has received.
Year | 2018 | 2019 | 2020 | 2021 | 2022 |
Interception orders received | 0 | 0 | 0 | 0 | 0 |
Takedown Requests
In this section you can find an overview of the various takedown requests BIT has received and how these requests were handled.
Takedown Requests Regarding Malware
The table below provides an overview of the number of takedown requests BIT has received for hosting (suspected) malware, as well as how these requests were handled.
Year | 2018 | 2019 | 2020 | 2021 | 2022 |
Takedown requests processed | 23 | 48 | 4 | 5 | 4 |
Takedown requests rejected | 0 | 0 | 0 | 0 | 0 |
Total | 23 | 48 | 4 | 5 | 4 |
We have included the number of takedown requests regarding malware in the graph below to provide you with a clear overview of the annual developments.
Takedown Requests Regarding Copyright Infringement
In our 2013 Transparency Report, BIT included the number of notice-and-takedown requests received for alleged copyright infringement for the first time. The table below displays the figures for the past five years.
Year | 2018 | 2019 | 2020 | 2021 | 2022 |
Takedown requests not processed | 1472 | 921 | 372 | 19 | 34 |
Takedown requests rejected | 0 | 0 | 0 | 0 | 0 |
Takedown requests forwarded | 14 | 4 | 53 | 221 | 357 |
Total | 1486 | 925 | 425 | 240 | 391 |
We have included the number of takedown requests regarding copyright infringement in the graph below to provide you with a clear overview of the annual developments.
Until 2020, the majority of requests not processed were automatically filed by a small number of parties on behalf of the film and music industry. At that time, these requests did not comply with our notice-and-takedown procedure.
Takedown Requests Regarding Phishing
The table below provides an overview of the number of takedown requests BIT has received regarding phishing, as well as how these requests were handled.
Year | 2018 | 2019 | 2020 | 2021 | 2022 |
Takedown requests processed | 81 | 82 | 75 | 17 | 4 |
Takedown requests rejected | 0 | 0 | 0 | 1 | 0 |
Total | 81 | 82 | 75 | 18 | 4 |
We have included the number of takedown requests regarding phishing in the graph below to provide you with a clear overview of the annual developments.
CSAM
The table below shows how many takedown requests BIT has received regarding CSAM (child sexual abuse material), and how these requests were handled.
Year | 2018 | 2019 | 2020 | 2021 | 2022 |
Takedown requests processed | 0 | 0 | 0 | 0 | 0 |
Takedown requests rejected | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 |
Terrorist content
Starting June 2022, a European regulation was implemented to combat the distribution of terrorist content online. In the Netherlands, these rules are enforced by the ATKM.
In 2022, BIT did not receive any takedown requests regarding terrorist content.
Responsible Disclosure
In the table below, you can see the number of Responsible Disclosure reports that BIT has received. We have distinguished between rejected reports, vulnerabilities that were already known to us, and vulnerabilities that were not previously known to us.
Year | 2018 | 2019 | 2020 | 2021 | 2022 |
Rejected reports | 110 | 20 | 29 | 78 | 23 |
Known vulnerabilities | 8 | 0 | 0 | 0 | 0 |
Unknown vulnerabilities | 2 | 0 | 0 | 0 | 0 |
Total | 120 | 20 | 29 | 78 | 23 |
We have included the number of Responsible Disclosure reports BIT received in the graph below to provide you with a clear overview of the annual developments.
Conclusions
BIT does not provide services to private customers, which is why the number of requests for personal data and the number of legal interception orders remain low. In 2022, we did not receive any orders for legal interception.
The number of reported malware infections decreased significantly in 2021 and 2022. This may be due to the reporting of these infections through other classifications, such as RBL listings.
The number of copyright infringement reports has again decreased. However, since 2021, BIT does forward complaints from parties making these complaints on behalf of the film and music industry, which explains the rise in the number of forwarded requests.
Starting June 2022, a European regulation was implemented to combat the distribution of terrorist content online. In 2022, BIT did not receive any takedown requests regarding terrorist content.
Since 2019, we have decided not to mention any monetary compensation in our Responsible Disclosure policy. As a result, the number of reports after 2018 has decreased. However, we still receive a relatively high number of reports about issues that are intentionally made public, about settings for which deliberate choices have been made, or about vulnerabilities that were identified from version numbers even though backports have been used. Additionally, we receive reports on systems that are excluded from our Responsible Disclosure policy, such as customer systems. We do forward these reports to the respective customers.