How do We Handle Law Enforcement Requests for Customer Data?

How do We Handle Law Enforcement Requests for Customer Data?

What does OVH US LLC ("OVHcloud") do when it receives a request from U.S. law enforcement for customer data?

OVHcloud does not release customer data without a properly served, valid, and binding court order. We require that requests for customer data be sent to OVHcloud for our legal team to review. When the legal team receives a request, they review the request to ensure that it is a legally valid demand.

What kind of data does OVHcloud produce in response to a legally valid and binding law enforcement request?

Generally, OVHcloud produces non-content information in response to valid and binding subpoenas. Non-content information is data such as name, address, billing information, and certain service usage information. Content information is the content of data files stored in OVHcloud customers' servers. OVHcloud does not produce content information in response to subpoenas. OVHcloud may produce non-content and content information in response to valid and binding search warrants that are issued upon a showing of probable cause.

Does a law enforcement agency in the U.S. have to use the legal process to compel OVHcloud to provide customer data?

Generally, the government needs a legal process — a subpoena, court order, or search warrant — to compel OVHcloud to provide customer data. OVHcloud does make exceptions in certain emergency cases such as when OVHcloud has a good faith belief that imminent bodily harm may result from a failure to respond.

Does OVHcloud notify customers of law enforcement requests?

Unless prohibited by law, OVHcloud will notify customers of a law enforcement request to OVHcloud for information relating to customers or customers' accounts.

How does OVHcloud handle requests from law enforcement agencies outside the U.S.?

The CLOUD Act authorizes the President to establish executive agreements permitting "qualifying" foreign governments to request records pertaining to foreign citizens from U.S.-based providers. To qualify, a foreign government must both be approved by the Attorney General and the Secretary of State and also abide by "robust" substantive and procedural protections for "privacy and civil liberties."

To date, only the United Kingdom and Australia have entered into such executive agreements. For the countries without agreements, OVHcloud would continue to honor requests only if they followed the mutual legal assistance treaty (MLAT) process.

How does OVHcloud handle reports of child sexual abuse material (CSAM)?

OVHcloud takes its role in combating CSAM very seriously and works in collaboration with the National Center for Missing and Exploited Children (NCMEC) and law enforcement to handle incidents of CSAM stored on OVHcloud servers. Generally, OVHcloud forwards reports of CSAM to impacted customers so that they may take necessary action to remove, preserve, and report the incident to NCMEC in accordance with their obligations under applicable law. Failure of customers to comply or cooperate in such matters will result in the immediate termination of said customer's account and server(s) in accordance with our Terms of Service and applicable law.