Government Requests for Your Photos Surged 770% - Here's What That Means

The numbers are staggering

Privacy company Proton published a report in April 2026 analyzing a decade of government data requests to the three largest tech platforms. The findings are hard to ignore.

Between late 2014 and early 2025, Google, Apple, and Meta disclosed data from more than 3.5 million user accounts to US authorities. When you include disclosures under the Foreign Intelligence Surveillance Act (FISA), that number jumps to 6.9 million accounts. In just the first half of 2025, these companies handed over data from 282,000 accounts.

The growth rate is what stands out. Google saw a 557% increase in disclosed accounts. Meta saw 668%. Apple - the company that markets itself as the privacy-first option - saw a 927% increase. These aren't small sample sizes or statistical anomalies. This is a systemic expansion of government access to private data.

What "user data" actually includes

When a government agency requests user data from Apple, Google, or Meta, they're not just getting your name and email address. Depending on the type of request, they can access:

• Photos and videos stored in iCloud, Google Photos, or uploaded to Instagram and Facebook
• Location data from photo EXIF metadata, device GPS history, and location services
• Messages and DMs including photo attachments sent through iMessage (if backed up to iCloud), Messenger, or Instagram DMs
• Device backups that can include every photo on your phone, browsing history, and app data
• Account activity - login times, IP addresses, devices used, and search queries

The photo angle is particularly important. If you back up your camera roll to iCloud or Google Photos, every photo you take is potentially accessible through a single data request. That includes photos you've deleted from your device but that still exist in cloud backups.

FISA requests are growing even faster

The most alarming part of Proton's report is the growth in FISA-related requests. Foreign Intelligence Surveillance Act requests are issued in secret - companies can't tell you they received one, and they can only report them in broad ranges after a delay.

FISA content requests at Meta soared 2,486% between 2014 and 2024. At Google, they rose 649%. These aren't targeted requests for suspected criminals. FISA allows for bulk collection of communications data from large groups of users, often without individual warrants.

For photo storage specifically, this means agencies can potentially access entire photo libraries without the account holder ever being notified. You won't get an email. You won't see a notification. Your photos get copied, and life goes on as if nothing happened.

The Apple privacy paradox

Apple's 927% increase is particularly striking because the company has spent billions on advertising that positions it as the privacy-first choice. 'What happens on your iPhone stays on your iPhone' was the tagline. But the data tells a different story.

Apple's iCloud backup system is the weak link. While your iPhone itself uses strong encryption, iCloud backups are stored with keys that Apple controls. When a government agency shows up with a valid legal request, Apple can - and does - hand over the contents of your iCloud account. That includes your entire photo library if you use iCloud Photos.

Apple did introduce Advanced Data Protection in late 2022, which enables end-to-end encryption for iCloud backups. But it's opt-in, buried in settings, and most users don't know it exists. The default is still accessible-by-Apple storage.

Google Photos is a surveillance goldmine

Google Photos is the most popular cloud photo service in the world with over a billion users. Every photo uploaded is analyzed by Google's AI for faces, objects, locations, and text. This makes it incredibly useful for search - and incredibly useful for anyone who gets access to the account.

When authorities request a Google account's data, they get the photo library plus all the AI-generated metadata. That means they don't just see your photos - they can search them by face, by location, by date, by what's in them. Google has already done the analysis work that would otherwise take investigators weeks.

Google also ended unlimited free storage for T-Mobile customers in March 2026, which means more users are now on standard Google One plans. The photos are still there, still analyzed, and still accessible. You're just paying for the privilege now.

What you can actually do about this

You can't stop governments from making data requests. But you can control what data exists to be requested in the first place.

Enable end-to-end encryption where available. Apple's Advanced Data Protection encrypts iCloud data so Apple can't access it. Google offers similar options through client-side encryption in Workspace, but not for consumer Google Photos accounts.

Don't back up everything to big tech cloud. Your camera roll doesn't need to live on servers that respond to government subpoenas. Use platforms that store data in privacy-friendly jurisdictions, minimize metadata, and don't analyze your photos with AI.

Separate your storage by sensitivity. Keep everyday snapshots on whatever cloud is convenient. But personal family photos, private moments, and anything you wouldn't want in a government database should go somewhere with stronger protections.

Check what's in your cloud right now. Most people have years of photos sitting in Google Photos or iCloud that they've forgotten about. Old screenshots, location-tagged photos, images with sensitive information visible - all of it is accessible if your account data gets requested.

The EU vs US gap is widening

In the EU, GDPR requires data minimization and purpose limitation. Government agencies can't just request bulk data without specific legal grounds. The EU AI Act adds further restrictions on automated analysis of personal data including photos.

The US has no federal privacy law. The patchwork of state laws - California's CCPA, Colorado's Privacy Act, Virginia's VCDPA - provides some protection, but none of them meaningfully restrict law enforcement access to cloud-stored data.

This gap matters for photo storage. Photos stored on EU servers under GDPR jurisdiction have legal protections that US-stored photos simply don't have. If privacy is a factor in where you keep your photos, server location matters.

The bottom line

The Proton report makes one thing clear: if your photos are stored with a big tech company, they're not really private. They're accessible to the company's AI systems, to advertisers in aggregate, and to government agencies with the right paperwork. The 770% increase over ten years isn't a trend that's likely to reverse.

At Viallo, photos are stored on EU servers. We don't analyze your images with AI, we don't share data with advertisers, and we don't build profiles from your photo metadata. When you share an album, recipients don't even need an account. Your photos stay yours.

Frequently asked questions