2021 Report
Compelled Disclosure
In 2021, Shopify received a total of 770 requests. We objected to 355 (46.1% of these requests).
This report includes data from January 1, 2021 to December 31, 2021.
Our Guiding Principles
Shopify is committed to protecting the privacy of our merchants, customers, partners, and everyone who entrusts us with their personal information. We believe that merchants own their personal information and the personal information of their customers. We are publishing this Transparency Report to:
Make commerce better for everyone by building consumer confidence through transparency, as recommended by the Office of the Privacy Commissioner of Canada.
Support an informed public debate on privacy rights by joining other members of our industry in reporting on government and other legal requests for access to data.
Comply with the spirit of and the principles underlying PIPEDA (the Canadian federal private sector privacy law), the GDPR (the European Union’s data protection regulation), and the CCPA (the California Consumer Privacy Act).
Our Process
To protect the privacy of our merchants, customers, and partners, we follow the below process upon receipt of a request to produce information about a merchant, a merchant’s customer, or a partner:
We will refuse to disclose personal information without a subpoena or court order issued by a body that has jurisdiction over Shopify.
Legal requests must be addressed to the correct Shopify entity (such as Shopify Inc. or Shopify International Limited).
We will always notify affected individuals before we disclose information, unless prohibited by law, and minimize the amount of personal information that we disclose.
We review the following factors to ensure that each order is legally and procedurally valid, broken down by heading below:
Jurisdiction and authority of requester
Type of legal request
Shopify entity and type of information requested
In 2021, we received legal requests for information from twenty countries.
As outlined in our Guidelines on Legal Requests for Information, we will only respond to enforceable subpoenas or court orders issued by: (a) bodies that have jurisdiction over the specific Shopify entity from which information is being requested; and (b) the authority to compel the production of information.
If the requesting body does not have jurisdiction over the relevant Shopify entity, we require that they follow the Mutual Legal Assistance Treaty or Hague Evidence Convention (“Letters Rogatory”) processes.
2021 received requests by country Information Requests by Country Requests Received Argentina 18 Australia 8 Belgium 6 Brazil 6 Canada 8 Catalonia (Spain) 2 China 3 France 367 Germany 54 Greece 1 Hungary 1 Iceland 1 India 13 Israel 1 Italy 8 Japan 5 Lithuania 2 Malta 1 Mexico 1 New Zealand 1 Pakistan 1 Poland 2 Scotland 1 Singapore 6 Spain 26 UK 9 USA 218 In 2021, we received different types of legal requests for information, including Grand Jury Subpoenas, Summons, Preservation Orders, Information Subpoenas, and Certifications of Trustee in Bankruptcy. We did not receive any national security letters, FISA orders, or other classified requests in 2021.
2021 received requests types Type of Data Request Number received Buyer Complaint 11 Court Order 30 Grand Jury Subpoena 51 Information Subpoena 192 Injunction (Preliminary or Permanent) 6 Law Enforcement Request 161 No Valid Order Attached 19 Preservation Order 10 Regulator/Consumer Protection Request 238 Search Warrant 5 Summons 9 Takedown Request 14 Temporary Restraining Order (TRO) 24