Twitter does give some reasons for why it may not comply with requests. "We do not comply with requests that fail to identify a Twitter account," the company says on its website. Twitter also says it seeks to narrow requests that are overly broad.
The company says it notifies users of requests for their account information, unless it is prohibited by statute or court order.
But if Twitter complies nearly 70 percent of the time for the U.S. government requests it discloses, that also means Twitter does not comply more than 30 percent of the time. That's actually a high rate and shows that Twitter is doing a good job in how it handles certain types of government data requests, said Parker Higgins, an activist at the Electronic Frontier Foundation who specializes in freedom of speech.
Each year EFF releases its "Who Has Your Back" report, which grades companies' data protection practices based on whether they require a warrant for content, or publish law enforcement guidelines, among other factors. Last year, Twitter ranked among the top performers in the survey, tying with Sonic.net, an Internet service provider.
The real mystery might be Twitter's policies around how long it holds on to users' data, which may include IP address records, Higgins said. The EFF advocates for "data minimization procedures," to limit the amount of potentially sensitive user data that companies might hold on to. Often companies don't review their policies in this area as much as they should, he said.
Twitter did not reply to a request for comment about its report.